| Category | Started On | Completed On | Duration | Cuckoo Version |
|---|---|---|---|---|
| FILE | 2014-07-18 01:53:21 | 2014-07-18 01:56:51 | 210 seconds | 1.2-dev |

| Machine | Label | Manager | Started On | Shutdown On |
|---|---|---|---|---|
| machine3 | winxpmacine3 | VirtualBox | 2014-07-18 01:53:22 | 2014-07-18 01:56:51 |

| File name | sep14cfs-c1.pdf |
|---|---|
| File size | 416182 bytes |
| File type | PDF document, version 1.6 |
| CRC32 | D5DB08D9 |
| MD5 | 97bc67c0d1b1bf92395acf628b442476 |
| SHA1 | f30f233bc65ec537ac3e70b2af821b79a7da2272 |
| SHA256 | 767c992d48eede63fa8e2d95b82dc58e1b157b9cbe90f7d356bc4d70ef5232c1 |
| SHA512 | 68640b7fb53b6ae3f936fe91850dfcfb7a6f377dd6ac36b3cb4e4bdb320c476b5b260a32cde5067fe927e300ab0cba0205efa5c0f3bada1cc3d9081821e8a16e |
| Ssdeep | None |
| PEiD | None matched |
| Yara | None matched |
| VirusTotal | Scan Date: 2014-07-18 05:49:19, Detection Rate: 0/54 |

| File name | autoexec.bat |
|---|---|
| File size | 0 bytes |
| File type | empty |
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
| Ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for Analysis |

| File name | sep14cfs-c1.pdf |
|---|---|
| File size | 416182 bytes |
| File type | PDF document, version 1.6 |
| MD5 | 97bc67c0d1b1bf92395acf628b442476 |
| SHA1 | f30f233bc65ec537ac3e70b2af821b79a7da2272 |
| SHA256 | 767c992d48eede63fa8e2d95b82dc58e1b157b9cbe90f7d356bc4d70ef5232c1 |
| SHA512 | 68640b7fb53b6ae3f936fe91850dfcfb7a6f377dd6ac36b3cb4e4bdb320c476b5b260a32cde5067fe927e300ab0cba0205efa5c0f3bada1cc3d9081821e8a16e |
| Ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for Analysis |

| IP Address |
|---|
| 10.129.0.10 |
| 10.129.0.255 |
| 23.0.57.92 |
| 23.3.13.235 |
| 23.3.13.250 |
| 23.3.13.195 |
| 23.3.13.241 |
| 23.3.13.200 |

| Domain | IP Address |
|---|---|
| service-updates.adobe.com | 23.0.57.92 |
| acroipm2.adobe.com | 23.3.13.216 |
| armmf.adobe.com | 23.0.57.92 |

| Timestamp | Thread | Function | Arguments | Status | Return | Repeated |
|---|---|---|---|---|---|---|
| 09:16:53,005 | 468 | LdrGetDllHandle |
ModuleHandle => 0x7c800000 FileName => KERNEL32.DLL |
SUCCESS | 0x00000000 | |
| 09:16:53,005 | 468 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => FlsAlloc FunctionAddress => 0x00522e5c ModuleHandle => 0x7c800000 |
FAILURE | 3221225785 | |
| 09:16:53,015 | 468 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => FlsGetValue FunctionAddress => 0x00522e50 ModuleHandle => 0x7c800000 |
FAILURE | 3221225785 | |
| 09:16:53,015 | 468 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => FlsSetValue FunctionAddress => 0x00522e44 ModuleHandle => 0x7c800000 |
FAILURE | 3221225785 | |
| 09:16:53,015 | 468 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => FlsFree FunctionAddress => 0x00522e3c ModuleHandle => 0x7c800000 |
FAILURE | 3221225785 | |
| 09:16:53,015 | 468 | LdrGetDllHandle |
ModuleHandle => 0x7c800000 FileName => KERNEL32.DLL |
SUCCESS | 0x00000000 | |
| 09:16:53,045 | 468 | LdrLoadDll |
Flags => 1244460 BaseAddress => 0x7c9c0000 FileName => SHELL32.dll |
SUCCESS | 0x00000000 | |
| 09:16:53,045 | 468 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CommandLineToArgvW FunctionAddress => 0x7ca41348 ModuleHandle => 0x7c9c0000 |
SUCCESS | 0x00000000 | |
| 09:16:53,045 | 468 | LdrGetDllHandle |
ModuleHandle => 0x7c800000 FileName => kernel32.dll |
SUCCESS | 0x00000000 | |
| 09:16:53,045 | 468 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => IsWow64Process FunctionAddress => 0x7c815229 ModuleHandle => 0x7c800000 |
SUCCESS | 0x00000000 | |
| 09:16:53,055 | 468 | RegOpenKeyExW |
Handle => 0x00000080 Registry => 0x80000002 SubKey => Software\Policies\Adobe\Acrobat Reader\11.0\FeatureLockDown |
SUCCESS | 0x00000000 | |
| 09:16:53,055 | 468 | RegQueryValueExW |
Handle => 0x00000080 DataLength => 4 ValueName => bProtectedMode Type => 1242528 |
FAILURE | 0x00000002 | |
| 09:16:53,055 | 468 | RegCloseKey |
Handle => 0x00000080 |
SUCCESS | 0x00000000 | |
| 09:16:53,055 | 468 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Adobe\Acrobat Reader\11.0\Privileged |
FAILURE | 0x00000002 | |
| 09:16:53,055 | 468 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => sftldr.dll |
FAILURE | 3221225781 | 1 time |
| 09:16:53,055 | 468 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => sftldr_wow64.dll |
FAILURE | 3221225781 | 1 time |
| 09:16:53,055 | 468 | FindWindowA |
ClassName => 32770 WindowName => _AcroAppTimer |
FAILURE | 0x00000000 | |
| 09:16:53,055 | 468 | RegOpenKeyExW |
Handle => 0x0000008c Registry => 0x80000002 SubKey => SOFTWARE\Policies\Adobe\Acrobat Reader\11.0 |
SUCCESS | 0x00000000 | |
| 09:16:53,055 | 468 | RegQueryValueExW |
Handle => 0x0000008c DataLength => 4 ValueName => bEnableAlternateTempDirectory Type => 1244632 |
FAILURE | 0x00000002 | |
| 09:16:53,055 | 468 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Adobe\Acrobat Reader\11.0\Privileged |
FAILURE | 0x00000002 | |
| 09:16:53,055 | 468 | RegQueryValueExW |
Handle => 0x00000000 DataLength => 4 ValueName => bEnableAlternateTempDirectory Type => 4 |
FAILURE | 0x00000006 | |
| 09:16:53,055 | 468 | RegCloseKey |
Handle => 0x0000008c |
SUCCESS | 0x00000000 | |
| 09:16:53,055 | 468 | RegOpenKeyExW |
Handle => 0x0000008c Registry => 0x80000002 SubKey => SOFTWARE\Policies\Adobe\Acrobat Reader\11.0 |
SUCCESS | 0x00000000 | |
| 09:16:53,055 | 468 | RegQueryValueExW |
Handle => 0x0000008c DataLength => 4 ValueName => bEnableAlternateLaunchDesktop Type => 1244632 |
FAILURE | 0x00000002 | |
| 09:16:53,055 | 468 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Adobe\Acrobat Reader\11.0\Privileged |
FAILURE | 0x00000002 | |
| 09:16:53,055 | 468 | RegQueryValueExW |
Handle => 0x00000000 DataLength => 4 ValueName => bEnableAlternateLaunchDesktop Type => 4 |
FAILURE | 0x00000006 | |
| 09:16:53,055 | 468 | RegCloseKey |
Handle => 0x0000008c |
SUCCESS | 0x00000000 | |
| 09:16:53,055 | 468 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Adobe\Adobe Acrobat\11.0\Security |
FAILURE | 0x00000002 | |
| 09:16:53,055 | 468 | LdrGetDllHandle |
ModuleHandle => 0x7c800000 FileName => kernel32.dll |
SUCCESS | 0x00000000 | |
| 09:16:53,055 | 468 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => SetProcessDEPPolicy FunctionAddress => 0x7c862144 ModuleHandle => 0x7c800000 |
SUCCESS | 0x00000000 | |
| 09:16:53,055 | 468 | NtOpenMutant |
Handle => 0x7c80ae80 MutexName => Global\ARM Update Mutex |
FAILURE | 3221225524 | |
| 09:16:53,055 | 468 | NtOpenMutant |
Handle => 0x7c80ae80 MutexName => Global\Acro Update Mutex |
FAILURE | 3221225524 | |
| 09:16:53,065 | 468 | FindWindowW |
ClassName => AdobeAcrobatSpeedLaunchCmdWnd WindowName => |
FAILURE | 0x00000000 | |
| 09:16:53,065 | 468 | FindWindowW |
ClassName => AdobeReaderSpeedLaunchCmdWnd WindowName => |
FAILURE | 0x00000000 | |
| 09:16:53,065 | 468 | LdrLoadDll |
Flags => 1244448 BaseAddress => 0x77690000 FileName => NTMARTA.DLL |
SUCCESS | 0x00000000 | |
| 09:16:53,065 | 468 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => AccFreeIndexArray FunctionAddress => 0x77698632 ModuleHandle => 0x77690000 |
SUCCESS | 0x00000000 | |
| 09:16:53,065 | 468 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => AccTreeResetNamedSecurityInfo FunctionAddress => 0x77699253 ModuleHandle => 0x77690000 |
SUCCESS | 0x00000000 | |
| 09:16:53,065 | 468 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => AccGetInheritanceSource FunctionAddress => 0x77698e1d ModuleHandle => 0x77690000 |
SUCCESS | 0x00000000 | |
| 09:16:53,065 | 468 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => AccLookupAccountTrustee FunctionAddress => 0x776a6901 ModuleHandle => 0x77690000 |
SUCCESS | 0x00000000 | |
| 09:16:53,065 | 468 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => AccRewriteGetNamedRights FunctionAddress => 0x776925cd ModuleHandle => 0x77690000 |
SUCCESS | 0x00000000 | |
| 09:16:53,065 | 468 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => AccRewriteSetNamedRights FunctionAddress => 0x7769324d ModuleHandle => 0x77690000 |
SUCCESS | 0x00000000 | |
| 09:16:53,065 | 468 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => AccRewriteGetHandleRights FunctionAddress => 0x776930d1 ModuleHandle => 0x77690000 |
SUCCESS | 0x00000000 | |
| 09:16:53,075 | 468 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => AccRewriteSetHandleRights FunctionAddress => 0x77692f83 ModuleHandle => 0x77690000 |
SUCCESS | 0x00000000 | |
| 09:16:53,075 | 468 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => AccRewriteSetEntriesInAcl FunctionAddress => 0x77692a56 ModuleHandle => 0x77690000 |
SUCCESS | 0x00000000 | |
| 09:16:53,075 | 468 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => AccRewriteGetExplicitEntriesFromAcl FunctionAddress => 0x77699ec8 ModuleHandle => 0x77690000 |
SUCCESS | 0x00000000 | |
| 09:16:53,075 | 468 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => AccLookupAccountName FunctionAddress => 0x776a52d2 ModuleHandle => 0x77690000 |
SUCCESS | 0x00000000 | |
| 09:16:53,075 | 468 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => AccLookupAccountSid FunctionAddress => 0x776a64b3 ModuleHandle => 0x77690000 |
SUCCESS | 0x00000000 | |
| 09:16:53,075 | 468 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => AccSetEntriesInAList FunctionAddress => 0x776a5c9a ModuleHandle => 0x77690000 |
SUCCESS | 0x00000000 | |
| 09:16:53,075 | 468 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => AccConvertAccessToSecurityDescriptor FunctionAddress => 0x776a5d8d ModuleHandle => 0x77690000 |
SUCCESS | 0x00000000 | |
| 09:16:53,075 | 468 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => AccConvertSDToAccess FunctionAddress => 0x776a5e9c ModuleHandle => 0x77690000 |
SUCCESS | 0x00000000 | |
| 09:16:53,075 | 468 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => AccGetAccessForTrustee FunctionAddress => 0x776a6050 ModuleHandle => 0x77690000 |
SUCCESS | 0x00000000 | |
| 09:16:53,075 | 468 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => AccConvertAclToAccess FunctionAddress => 0x776a60c9 ModuleHandle => 0x77690000 |
SUCCESS | 0x00000000 | |
| 09:16:53,075 | 468 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => AccGetExplicitEntries FunctionAddress => 0x776a628b ModuleHandle => 0x77690000 |
SUCCESS | 0x00000000 | |
| 09:16:53,075 | 468 | CreateThread |
ThreadId => 0 StartRoutine => 0x0040c2a0 Parameter => 0x0039a880 CreationFlags => 0 |
SUCCESS | 0x000000d0 | |
| 09:16:53,075 | 468 | RegOpenKeyExW |
Handle => 0x000000d4 Registry => 0x80000002 SubKey => SOFTWARE\Policies\Adobe\Acrobat Reader\11.0 |
SUCCESS | 0x00000000 | |
| 09:16:53,075 | 468 | RegQueryValueExW |
Handle => 0x000000d4 DataLength => 4 ValueName => bEnableHeapMitigations Type => 1244592 |
FAILURE | 0x00000002 | |
| 09:16:53,075 | 468 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Adobe\Acrobat Reader\11.0\Privileged |
FAILURE | 0x00000002 | |
| 09:16:53,075 | 468 | RegQueryValueExW |
Handle => 0x00000000 DataLength => 4 ValueName => bEnableHeapMitigations Type => 4 |
FAILURE | 0x00000006 | |
| 09:16:53,075 | 468 | RegCloseKey |
Handle => 0x000000d4 |
SUCCESS | 0x00000000 | |
| 09:16:53,075 | 468 | LdrGetDllHandle |
ModuleHandle => 0x7c800000 FileName => kernel32.dll |
SUCCESS | 0x00000000 | |
| 09:16:53,075 | 468 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => HeapAlloc FunctionAddress => 0x7c9100a4 ModuleHandle => 0x7c800000 |
SUCCESS | 0x00000000 | |
| 09:16:53,075 | 468 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => HeapFree FunctionAddress => 0x7c90ff0d ModuleHandle => 0x7c800000 |
SUCCESS | 0x00000000 | |
| 09:16:53,075 | 468 | LdrGetDllHandle |
ModuleHandle => 0x7c800000 FileName => kernel32.dll |
SUCCESS | 0x00000000 | |
| 09:16:53,075 | 468 | VirtualProtectEx |
Protection => 0x00000080 ProcessHandle => 0xffffffff Address => 0x004fc38c Size => 0x00000004 |
SUCCESS | 0x00000001 | |
| 09:16:53,075 | 468 | VirtualProtectEx |
Protection => 0x00000002 ProcessHandle => 0xffffffff Address => 0x004fc38c Size => 0x00000004 |
SUCCESS | 0x00000001 | |
| 09:16:53,085 | 468 | LdrGetDllHandle |
ModuleHandle => 0x7c800000 FileName => kernel32.dll |
SUCCESS | 0x00000000 | |
| 09:16:53,085 | 468 | VirtualProtectEx |
Protection => 0x00000080 ProcessHandle => 0xffffffff Address => 0x004fc414 Size => 0x00000004 |
SUCCESS | 0x00000001 | |
| 09:16:53,085 | 468 | VirtualProtectEx |
Protection => 0x00000002 ProcessHandle => 0xffffffff Address => 0x004fc414 Size => 0x00000004 |
SUCCESS | 0x00000001 | |
| 09:16:53,085 | 468 | LdrLoadDll |
Flags => 1244440 BaseAddress => 0x774e0000 FileName => ole32.dll |
SUCCESS | 0x00000000 | |
| 09:16:53,085 | 468 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CoInitializeEx FunctionAddress => 0x774fef7b ModuleHandle => 0x774e0000 |
SUCCESS | 0x00000000 | |
| 09:16:53,085 | 468 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => C:\WINDOWS\system32\rpcss.dll |
FAILURE | 3221225781 | 1 time |
| 09:16:53,085 | 468 | DeviceIoControl |
DeviceHandle => 0x00000090 IoControlCode => 3735560 |
SUCCESS | 0x00000001 | |
| 09:16:53,085 | 468 | DeviceIoControl |
DeviceHandle => 0x00000090 IoControlCode => 3735560 |
SUCCESS | 0x00000001 | |
| 09:16:53,085 | 468 | DeviceIoControl |
DeviceHandle => 0x00000090 IoControlCode => 3735560 |
SUCCESS | 0x00000001 | |
| 09:16:53,085 | 468 | DeviceIoControl |
DeviceHandle => 0x00000090 IoControlCode => 3735560 |
SUCCESS | 0x00000001 | |
| 09:16:53,085 | 468 | DeviceIoControl |
DeviceHandle => 0x00000090 IoControlCode => 3735560 |
SUCCESS | 0x00000001 | |
| 09:16:53,085 | 468 | DeviceIoControl |
DeviceHandle => 0x00000090 IoControlCode => 3735560 |
SUCCESS | 0x00000001 | |
| 09:16:53,085 | 468 | DeviceIoControl |
DeviceHandle => 0x00000090 IoControlCode => 3735560 |
SUCCESS | 0x00000001 | |
| 09:16:53,095 | 468 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Adobe\Acrobat Reader\11.0\Privileged |
FAILURE | 0x00000002 | 1 time |
| 09:16:53,095 | 468 | RegOpenKeyExW |
Handle => 0x000000d8 Registry => 0x80000002 SubKey => SOFTWARE\Policies\Adobe\Acrobat Reader\11.0 |
SUCCESS | 0x00000000 | |
| 09:16:53,095 | 468 | RegQueryValueExW |
Handle => 0x000000d8 DataLength => 4 ValueName => bEnforceReadRestrictions Type => 1244092 |
FAILURE | 0x00000002 | |
| 09:16:53,095 | 468 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Adobe\Acrobat Reader\11.0\Privileged |
FAILURE | 0x00000002 | |
| 09:16:53,095 | 468 | RegQueryValueExW |
Handle => 0x00000000 DataLength => 4 ValueName => bEnforceReadRestrictions Type => 4 |
FAILURE | 0x00000006 | |
| 09:16:53,095 | 468 | RegCloseKey |
Handle => 0x000000d8 |
SUCCESS | 0x00000000 | |
| 09:16:53,095 | 468 | RegOpenKeyExW |
Handle => 0x000000d8 Registry => 0x80000002 SubKey => SOFTWARE\Policies\Adobe\Acrobat Reader\11.0 |
SUCCESS | 0x00000000 | |
| 09:16:53,095 | 468 | RegQueryValueExW |
Handle => 0x000000d8 DataLength => 4 ValueName => bEnableGlobalAtomRestrictions Type => 1244092 |
FAILURE | 0x00000002 | |
| 09:16:53,095 | 468 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Adobe\Acrobat Reader\11.0\Privileged |
FAILURE | 0x00000002 | |
| 09:16:53,095 | 468 | RegQueryValueExW |
Handle => 0x00000000 DataLength => 4 ValueName => bEnableGlobalAtomRestrictions Type => 4 |
FAILURE | 0x00000006 | |
| 09:16:53,095 | 468 | RegCloseKey |
Handle => 0x000000d8 |
SUCCESS | 0x00000000 | |
| 09:16:53,095 | 468 | RegOpenKeyExW |
Handle => 0x000000d8 Registry => 0x80000002 SubKey => SOFTWARE\Policies\Adobe\Acrobat Reader\11.0 |
SUCCESS | 0x00000000 | |
| 09:16:53,095 | 468 | RegQueryValueExW |
Handle => 0x000000d8 DataLength => 4 ValueName => bPreventCreatingExecutables Type => 1244092 |
FAILURE | 0x00000002 | |
| 09:16:53,095 | 468 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Adobe\Acrobat Reader\11.0\Privileged |
FAILURE | 0x00000002 | |
| 09:16:53,095 | 468 | RegQueryValueExW |
Handle => 0x00000000 DataLength => 4 ValueName => bPreventCreatingExecutables Type => 4 |
FAILURE | 0x00000006 | |
| 09:16:53,095 | 468 | RegCloseKey |
Handle => 0x000000d8 |
SUCCESS | 0x00000000 | |
| 09:16:53,095 | 468 | RegOpenKeyExW |
Handle => 0x000000d8 Registry => 0x80000002 SubKey => SOFTWARE\Policies\Adobe\Acrobat Reader\11.0 |
SUCCESS | 0x00000000 | |
| 09:16:53,095 | 468 | RegQueryValueExW |
Handle => 0x000000d8 DataLength => 4 ValueName => bEnableBinaryPlantingProtection Type => 1244092 |
FAILURE | 0x00000002 | |
| 09:16:53,095 | 468 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Adobe\Acrobat Reader\11.0\Privileged |
FAILURE | 0x00000002 | |
| 09:16:53,095 | 468 | RegQueryValueExW |
Handle => 0x00000000 DataLength => 4 ValueName => bEnableBinaryPlantingProtection Type => 4 |
FAILURE | 0x00000006 | |
| 09:16:53,095 | 468 | RegCloseKey |
Handle => 0x000000d8 |
SUCCESS | 0x00000000 | |
| 09:16:53,095 | 468 | RegOpenKeyExW |
Handle => 0x000000d8 Registry => 0x80000002 SubKey => Software\Policies\Adobe\Acrobat Reader\11.0\FeatureLockDown |
SUCCESS | 0x00000000 | |
| 09:16:53,095 | 468 | RegQueryValueExW |
Handle => 0x000000d8 DataLength => 4 ValueName => bEnableSameObjectCheck Type => 1244160 |
FAILURE | 0x00000002 | |
| 09:16:53,095 | 468 | RegCloseKey |
Handle => 0x000000d8 |
SUCCESS | 0x00000000 | |
| 09:16:53,095 | 468 | RegOpenKeyExW |
Handle => 0x000000d8 Registry => 0x80000002 SubKey => Software\Policies\Adobe\Acrobat Reader\11.0\FeatureLockDown |
SUCCESS | 0x00000000 | |
| 09:16:53,095 | 468 | RegQueryValueExW |
Handle => 0x000000d8 DataLength => 4 ValueName => bFilePathPreprocessingShortcutEnabled Type => 1244160 |
FAILURE | 0x00000002 | |
| 09:16:53,095 | 468 | RegCloseKey |
Handle => 0x000000d8 |
SUCCESS | 0x00000000 | |
| 09:16:53,095 | 468 | LdrLoadDll |
Flags => 1243912 BaseAddress => 0x77dd0000 FileName => ADVAPI32.DLL |
SUCCESS | 0x00000000 | |
| 09:16:53,095 | 468 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => SystemFunction036 FunctionAddress => 0x77dd8292 ModuleHandle => 0x77dd0000 |
SUCCESS | 0x00000000 | |
| 09:16:53,095 | 468 | RegOpenKeyExW |
Handle => 0x000000d8 Registry => 0x80000002 SubKey => Software\Adobe\Acrobat Reader\11.0\Installer |
SUCCESS | 0x00000000 | |
| 09:16:53,095 | 468 | RegQueryValueExW |
Handle => 0x000000d8 Data => C\x00:\x00\\x00P\x00r\x00o\x00g\x00r\x00a\x00m\x00 \x00F\x00i\x00l\x00e\x00s\x00\\x00A\x00d\x00o\x00b\x00e\x00\\x00R\x00e\x00a\x00d\x00e\x00r\x00 \x001\x001\x00.\x000\x00\\x00\x00\x00 ValueName => Path |
SUCCESS | 0x00000000 | |
| 09:16:53,095 | 468 | RegCloseKey |
Handle => 0x000000d8 |
SUCCESS | 0x00000000 | |
| 09:16:53,105 | 468 | FindFirstFileExW |
FileName => C:\DOCUME~1 |
SUCCESS | 0x001d11a8 | |
| 09:16:53,105 | 468 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW |
SUCCESS | 0x001d11a8 | |
| 09:16:53,105 | 468 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1 |
SUCCESS | 0x001d11a8 | |
| 09:16:53,105 | 468 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp |
SUCCESS | 0x001d11a8 | |
| 09:16:53,105 | 468 | NtCreateFile |
ShareAccess => 0 FileName => C:\Documents and Settings\TDW\Local Settings\Temp\sep14cfs-c1.pdf DesiredAccess => 0x00100080 CreateDisposition => 1 FileHandle => 0x000000d8 |
SUCCESS | 0x00000000 | |
| 09:16:53,105 | 468 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0018a9a8 | |
| 09:16:53,105 | 468 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Local Settings\Temp |
SUCCESS | 0x0018a9a8 | |
| 09:16:53,105 | 468 | NtOpenDirectoryObject |
DirectoryHandle => 0x000000d8 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:16:53,125 | 468 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0018a9a8 | |
| 09:16:53,125 | 468 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Local Settings\Temp |
SUCCESS | 0x0018a9a8 | |
| 09:16:53,125 | 468 | LdrLoadDll |
Flags => 1242576 BaseAddress => 0x71b20000 FileName => MPR.dll |
SUCCESS | 0x00000000 | |
| 09:16:53,125 | 468 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => WNetGetUniversalNameW FunctionAddress => 0x71b2c7a6 ModuleHandle => 0x71b20000 |
SUCCESS | 0x00000000 | |
| 09:16:53,125 | 468 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Adobe\Acrobat Reader\11.0\AVGeneral\cRecentFiles\c1 |
FAILURE | 0x00000002 | |
| 09:16:53,125 | 468 | CreateThread |
ThreadId => 508 StartRoutine => 0x00420110 Parameter => 0x00d54060 CreationFlags => 0 |
SUCCESS | 0x000000f0 | |
| 09:16:53,125 | 468 | CreateThread |
ThreadId => 348 StartRoutine => 0x00420670 Parameter => 0x00d548c0 CreationFlags => 0 |
SUCCESS | 0x000000fc | |
| 09:16:53,125 | 468 | RegOpenKeyExW |
Handle => 0x00000100 Registry => 0x80000002 SubKey => Software\Policies\Adobe\Acrobat Reader\11.0\FeatureLockDown |
SUCCESS | 0x00000000 | |
| 09:16:53,125 | 468 | RegQueryValueExW |
Handle => 0x00000100 DataLength => 4 ValueName => bDisableCryptBroker Type => 1243612 |
FAILURE | 0x00000002 | |
| 09:16:53,125 | 468 | RegCloseKey |
Handle => 0x00000100 |
SUCCESS | 0x00000000 | |
| 09:16:53,135 | 468 | CreateThread |
ThreadId => 548 StartRoutine => 0x00421670 Parameter => 0x00d9d860 CreationFlags => 0 |
SUCCESS | 0x00000108 | |
| 09:16:53,135 | 468 | CreateThread |
ThreadId => 264 StartRoutine => 0x004217e0 Parameter => 0x00d540d0 CreationFlags => 0 |
SUCCESS | 0x00000114 | |
| 09:16:53,135 | 468 | CreateThread |
ThreadId => 556 StartRoutine => 0x004219b0 Parameter => 0x00d54980 CreationFlags => 0 |
SUCCESS | 0x00000120 | |
| 09:16:53,135 | 468 | CreateThread |
ThreadId => 580 StartRoutine => 0x00421e70 Parameter => 0x0039a8e8 CreationFlags => 0 |
SUCCESS | 0x0000012c | |
| 09:16:53,145 | 468 | NtOpenKey |
DesiredAccess => 33554432 KeyHandle => 0x00000130 ObjectAttributes => \REGISTRY\USER\S-1-5-21-1935655697-1606980848-1060284298-1003 |
SUCCESS | 0x00000000 | |
| 09:16:53,145 | 468 | NtOpenKey |
DesiredAccess => 983103 KeyHandle => 0x00000134 ObjectAttributes => Keyboard Layout\Preload |
SUCCESS | 0x00000000 | |
| 09:16:53,145 | 468 | NtQueryValueKey |
Information => 0\x000\x000\x000\x000\x004\x000\x009\x00\x00\x00 KeyHandle => 0x00000134 ValueName => 1 Type => 1 |
SUCCESS | 0x00000000 | |
| 09:16:53,145 | 468 | NtOpenKey |
DesiredAccess => 131097 KeyHandle => 0x00000130 ObjectAttributes => \Registry\Machine\System\CurrentControlSet\Control\Keyboard Layouts\00000409 |
SUCCESS | 0x00000000 | |
| 09:16:53,145 | 468 | NtQueryValueKey |
Information => K\x00B\x00D\x00U\x00S\x00.\x00D\x00L\x00L\x00\x00\x00 KeyHandle => 0x00000130 ValueName => Layout File Type => 1 |
SUCCESS | 0x00000000 | |
| 09:16:53,145 | 468 | NtQueryValueKey |
KeyHandle => 0x00000130 ValueName => Attributes |
FAILURE | 3221225524 | |
| 09:16:53,145 | 468 | LdrLoadDll |
Flags => 1240992 BaseAddress => 0x5fff0000 FileName => KBDUS.DLL |
SUCCESS | 0x00000000 | |
| 09:16:53,145 | 468 | LdrGetProcedureAddress |
Ordinal => 3 FunctionName => FunctionAddress => 0x00000003 ModuleHandle => 0x5fff0000 |
FAILURE | 3221225784 | |
| 09:16:53,145 | 468 | LdrGetProcedureAddress |
Ordinal => 5 FunctionName => FunctionAddress => 0x00000005 ModuleHandle => 0x5fff0000 |
FAILURE | 3221225784 | |
| 09:16:53,145 | 468 | LdrGetProcedureAddress |
Ordinal => 6 FunctionName => FunctionAddress => 0x00000006 ModuleHandle => 0x5fff0000 |
FAILURE | 3221225784 | |
| 09:16:53,145 | 468 | LdrGetProcedureAddress |
Ordinal => 1 FunctionName => FunctionAddress => 0x5fff1a5a ModuleHandle => 0x5fff0000 |
SUCCESS | 0x00000000 | |
| 09:16:53,145 | 468 | LdrGetProcedureAddress |
Ordinal => 2 FunctionName => FunctionAddress => 0x00000002 ModuleHandle => 0x5fff0000 |
FAILURE | 3221225784 | |
| 09:16:53,145 | 580 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CoInitialize FunctionAddress => 0x77502a53 ModuleHandle => 0x774e0000 |
SUCCESS | 0x00000000 | 1 time |
| 09:16:53,155 | 468 | NtCreateFile |
ShareAccess => 1 FileName => C:\WINDOWS\system32\KBDUS.DLL DesiredAccess => 0x80100080 CreateDisposition => 1 FileHandle => 0x00000140 |
SUCCESS | 0x00000000 | |
| 09:16:53,155 | 468 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => adialhk.dll |
FAILURE | 3221225781 | 1 time |
| 09:16:53,155 | 468 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => acpiz.dll |
FAILURE | 3221225781 | 1 time |
| 09:16:53,155 | 468 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => avgrsstx.dll |
FAILURE | 3221225781 | 1 time |
| 09:16:53,155 | 468 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => babylonchromepi.dll |
FAILURE | 3221225781 | 1 time |
| 09:16:53,155 | 468 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => babylo~1.dll |
FAILURE | 3221225781 | 1 time |
| 09:16:53,155 | 468 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => btkeyind.dll |
FAILURE | 3221225781 | 1 time |
| 09:16:53,155 | 468 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => cmcsyshk.dll |
FAILURE | 3221225781 | 1 time |
| 09:16:53,155 | 468 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => cmsetac.dll |
FAILURE | 3221225781 | 1 time |
| 09:16:53,155 | 468 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => cooliris.dll |
FAILURE | 3221225781 | 1 time |
| 09:16:53,155 | 468 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => dockshellhook.dll |
FAILURE | 3221225781 | 1 time |
| 09:16:53,155 | 468 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => docksh~1.dll |
FAILURE | 3221225781 | 1 time |
| 09:16:53,155 | 468 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => easyhook32.dll |
FAILURE | 3221225781 | 1 time |
| 09:16:53,155 | 468 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => easyho~1.dll |
FAILURE | 3221225781 | 1 time |
| 09:16:53,155 | 468 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => googledesktopnetwork3.dll |
FAILURE | 3221225781 | 1 time |
| 09:16:53,155 | 468 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => google~1.dll |
FAILURE | 3221225781 | 1 time |
| 09:16:53,155 | 468 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => fwhook.dll |
FAILURE | 3221225781 | 1 time |
| 09:16:53,155 | 468 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => hookprocesscreation.dll |
FAILURE | 3221225781 | 1 time |
| 09:16:53,155 | 468 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => hookpr~1.dll |
FAILURE | 3221225781 | 1 time |
| 09:16:53,155 | 468 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => hookterminateapis.dll |
FAILURE | 3221225781 | 1 time |
| 09:16:53,155 | 468 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => hookte~1.dll |
FAILURE | 3221225781 | 1 time |
| 09:16:53,155 | 468 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => hookprintapis.dll |
FAILURE | 3221225781 | 1 time |
| 09:16:53,155 | 468 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => hookpr~1.dll |
FAILURE | 3221225781 | 1 time |
| 09:16:53,155 | 468 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => imon.dll |
FAILURE | 3221225781 | 1 time |
| 09:16:53,155 | 468 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => ioloHL.dll |
FAILURE | 3221225781 | 1 time |
| 09:16:53,155 | 468 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => kloehk.dll |
FAILURE | 3221225781 | 1 time |
| 09:16:53,155 | 468 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => lawenforcer.dll |
FAILURE | 3221225781 | 1 time |
| 09:16:53,155 | 468 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => lawenf~1.dll |
FAILURE | 3221225781 | 1 time |
| 09:16:53,155 | 468 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => libdivx.dll |
FAILURE | 3221225781 | 1 time |
| 09:16:53,155 | 468 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => lvprcinj01.dll |
FAILURE | 3221225781 | 1 time |
| 09:16:53,155 | 468 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => lvprci~1.dll |
FAILURE | 3221225781 | 1 time |
| 09:16:53,155 | 468 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => madchook.dll |
FAILURE | 3221225781 | 1 time |
| 09:16:53,155 | 468 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => mdnsnsp.dll |
FAILURE | 3221225781 | 1 time |
| 09:16:53,155 | 468 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => moonsysh.dll |
FAILURE | 3221225781 | 1 time |
| 09:16:53,155 | 468 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => mpk.dll |
FAILURE | 3221225781 | 1 time |
| 09:16:53,155 | 468 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => npdivx32.dll |
FAILURE | 3221225781 | 1 time |
| 09:16:53,155 | 468 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => npggNT.des |
FAILURE | 3221225781 | 1 time |
| 09:16:53,155 | 468 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => npggNT.dll |
FAILURE | 3221225781 | 1 time |
| 09:16:53,155 | 468 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => oawatch.dll |
FAILURE | 3221225781 | 1 time |
| 09:16:53,155 | 468 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => owexplorer-10513.dll |
FAILURE | 3221225781 | 1 time |
| 09:16:53,155 | 468 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => owexpl~1.dll |
FAILURE | 3221225781 | 1 time |
| 09:16:53,155 | 468 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => owexplorer-10514.dll |
FAILURE | 3221225781 | 1 time |
| 09:16:53,155 | 468 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => owexpl~1.dll |
FAILURE | 3221225781 | 1 time |
| 09:16:53,155 | 468 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => owexplorer-10515.dll |
FAILURE | 3221225781 | 1 time |
| 09:16:53,155 | 468 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => owexpl~1.dll |
FAILURE | 3221225781 | 1 time |
| 09:16:53,155 | 468 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => owexplorer-10516.dll |
FAILURE | 3221225781 | 1 time |
| 09:16:53,155 | 468 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => owexpl~1.dll |
FAILURE | 3221225781 | 1 time |
| 09:16:53,155 | 468 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => owexplorer-10517.dll |
FAILURE | 3221225781 | 1 time |
| 09:16:53,155 | 468 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => owexpl~1.dll |
FAILURE | 3221225781 | 1 time |
| 09:16:53,155 | 468 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => owexplorer-10518.dll |
FAILURE | 3221225781 | 1 time |
| 09:16:53,155 | 468 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => owexpl~1.dll |
FAILURE | 3221225781 | 1 time |
| 09:16:53,155 | 468 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => owexplorer-10519.dll |
FAILURE | 3221225781 | 1 time |
| 09:16:53,155 | 468 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => owexpl~1.dll |
FAILURE | 3221225781 | 1 time |
| 09:16:53,155 | 468 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => owexplorer-10520.dll |
FAILURE | 3221225781 | 1 time |
| 09:16:53,155 | 468 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => owexpl~1.dll |
FAILURE | 3221225781 | 1 time |
| 09:16:53,155 | 468 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => owexplorer-10521.dll |
FAILURE | 3221225781 | 1 time |
| 09:16:53,155 | 468 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => owexpl~1.dll |
FAILURE | 3221225781 | 1 time |
| 09:16:53,155 | 468 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => owexplorer-10522.dll |
FAILURE | 3221225781 | 1 time |
| 09:16:53,155 | 468 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => owexpl~1.dll |
FAILURE | 3221225781 | 1 time |
| 09:16:53,155 | 468 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => owexplorer-10523.dll |
FAILURE | 3221225781 | 1 time |
| 09:16:53,165 | 468 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => owexpl~1.dll |
FAILURE | 3221225781 | 1 time |
| 09:16:53,165 | 468 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => pavhook.dll |
FAILURE | 3221225781 | 1 time |
| 09:16:53,165 | 468 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => pavlsphook.dll |
FAILURE | 3221225781 | 1 time |
| 09:16:53,165 | 468 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => pavlsp~1.dll |
FAILURE | 3221225781 | 1 time |
| 09:16:53,165 | 468 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => pavshook.dll |
FAILURE | 3221225781 | 1 time |
| 09:16:53,165 | 468 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => pavshookwow.dll |
FAILURE | 3221225781 | 1 time |
| 09:16:53,165 | 468 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => pavsho~1.dll |
FAILURE | 3221225781 | 1 time |
| 09:16:53,165 | 468 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => pctavhook.dll |
FAILURE | 3221225781 | 1 time |
| 09:16:53,165 | 468 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => pctavh~1.dll |
FAILURE | 3221225781 | 1 time |
| 09:16:53,165 | 468 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => pctgmhk.dll |
FAILURE | 3221225781 | 1 time |
| 09:16:53,165 | 468 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => prntrack.dll |
FAILURE | 3221225781 | 1 time |
| 09:16:53,165 | 468 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => protector.dll |
FAILURE | 3221225781 | 1 time |
| 09:16:53,165 | 468 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => protec~1.dll |
FAILURE | 3221225781 | 1 time |
| 09:16:53,165 | 468 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => radhslib.dll |
FAILURE | 3221225781 | 1 time |
| 09:16:53,165 | 468 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => radprlib.dll |
FAILURE | 3221225781 | 1 time |
| 09:16:53,165 | 468 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => rapportnikko.dll |
FAILURE | 3221225781 | 1 time |
| 09:16:53,165 | 468 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => rappor~1.dll |
FAILURE | 3221225781 | 1 time |
| 09:16:53,165 | 468 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => rlhook.dll |
FAILURE | 3221225781 | 1 time |
| 09:16:53,165 | 468 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => rooksdol.dll |
FAILURE | 3221225781 | 1 time |
| 09:16:53,165 | 468 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => rpchromebrowserrecordhelper.dll |
FAILURE | 3221225781 | 1 time |
| 09:16:53,165 | 468 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => rpchro~1.dll |
FAILURE | 3221225781 | 1 time |
| 09:16:53,165 | 468 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => r3hook.dll |
FAILURE | 3221225781 | 1 time |
| 09:16:53,165 | 468 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => sahook.dll |
FAILURE | 3221225781 | 1 time |
| 09:16:53,165 | 468 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => sbrige.dll |
FAILURE | 3221225781 | 1 time |
| 09:16:53,165 | 468 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => sc2hook.dll |
FAILURE | 3221225781 | 1 time |
| 09:16:53,165 | 468 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => sdhook32.dll |
FAILURE | 3221225781 | 1 time |
| 09:16:53,165 | 468 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => sguard.dll |
FAILURE | 3221225781 | 1 time |
| 09:16:53,165 | 468 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => smum32.dll |
FAILURE | 3221225781 | 1 time |
| 09:16:53,165 | 468 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => smumhook.dll |
FAILURE | 3221225781 | 1 time |
| 09:16:53,165 | 468 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => ssldivx.dll |
FAILURE | 3221225781 | 1 time |
| 09:16:53,165 | 468 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => syncor11.dll |
FAILURE | 3221225781 | 1 time |
| 09:16:53,165 | 468 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => systools.dll |
FAILURE | 3221225781 | 1 time |
| 09:16:53,165 | 468 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => tfwah.dll |
FAILURE | 3221225781 | 1 time |
| 09:16:53,165 | 468 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => wblind.dll |
FAILURE | 3221225781 | 1 time |
| 09:16:53,165 | 468 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => wbhelp.dll |
FAILURE | 3221225781 | 1 time |
| 09:16:53,165 | 468 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => winstylerthemehelper.dll |
FAILURE | 3221225781 | 1 time |
| 09:16:53,165 | 468 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => winsty~1.dll |
FAILURE | 3221225781 | 1 time |
| 09:16:53,165 | 468 | RegOpenKeyExW |
Handle => 0x00000150 Registry => 0x80000002 SubKey => Software\Policies\Adobe\Acrobat Reader\11.0\FeatureLockDown |
SUCCESS | 0x00000000 | |
| 09:16:53,165 | 468 | RegQueryValueExW |
Handle => 0x00000150 DataLength => 4 ValueName => bUseWhitelistConfigFile Type => 1243632 |
FAILURE | 0x00000002 | |
| 09:16:53,165 | 468 | RegCloseKey |
Handle => 0x00000150 |
SUCCESS | 0x00000000 | |
| 09:16:53,165 | 468 | RegOpenKeyExW |
Handle => 0x00000150 Registry => 0x80000002 SubKey => Software\Adobe\Acrobat Reader\11.0\Installer |
SUCCESS | 0x00000000 | |
| 09:16:53,165 | 468 | RegQueryValueExW |
Handle => 0x00000150 Data => C\x00:\x00\\x00P\x00r\x00o\x00g\x00r\x00a\x00m\x00 \x00F\x00i\x00l\x00e\x00s\x00\\x00A\x00d\x00o\x00b\x00e\x00\\x00R\x00e\x00a\x00d\x00e\x00r\x00 \x001\x001\x00.\x000\x00\\x00\x00\x00 ValueName => Path |
SUCCESS | 0x00000000 | |
| 09:16:53,165 | 468 | RegCloseKey |
Handle => 0x00000150 |
SUCCESS | 0x00000000 | |
| 09:16:53,165 | 468 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => SHGetFolderPathW FunctionAddress => 0x7c9eed76 ModuleHandle => 0x7c9c0000 |
SUCCESS | 0x00000000 | |
| 09:16:53,165 | 468 | RegOpenKeyExW |
Handle => 0x00000154 Registry => 0x80000002 SubKey => Software\Microsoft\Windows\CurrentVersion |
SUCCESS | 0x00000000 | |
| 09:16:53,165 | 468 | RegQueryValueExW |
Handle => 0x00000154 Data => C\x00:\x00\\x00P\x00r\x00o\x00g\x00r\x00a\x00m\x00 \x00F\x00i\x00l\x00e\x00s\x00\x00\x00 ValueName => ProgramFilesDir |
SUCCESS | 0x00000000 | |
| 09:16:53,165 | 468 | RegCloseKey |
Handle => 0x00000154 |
SUCCESS | 0x00000000 | |
| 09:16:53,165 | 468 | FindFirstFileExW |
FileName => C:\WINDOWS |
SUCCESS | 0x001e61a8 | 1 time |
| 09:16:53,165 | 468 | RegOpenKeyExW |
Handle => 0x00000154 Registry => 0x80000002 SubKey => Software\Adobe\Acrobat Reader\11.0\Installer |
SUCCESS | 0x00000000 | |
| 09:16:53,165 | 468 | RegQueryValueExW |
Handle => 0x00000154 Data => C\x00:\x00\\x00P\x00r\x00o\x00g\x00r\x00a\x00m\x00 \x00F\x00i\x00l\x00e\x00s\x00\\x00A\x00d\x00o\x00b\x00e\x00\\x00R\x00e\x00a\x00d\x00e\x00r\x00 \x001\x001\x00.\x000\x00\\x00\x00\x00 ValueName => Path |
SUCCESS | 0x00000000 | |
| 09:16:53,165 | 468 | RegCloseKey |
Handle => 0x00000154 |
SUCCESS | 0x00000000 | |
| 09:16:53,165 | 468 | FindFirstFileExW |
FileName => C:\Program Files\Adobe |
SUCCESS | 0x001e61a8 | 2 times |
| 09:16:53,165 | 468 | FindFirstFileExW |
FileName => C:\Program Files\Adobe\Reader 11.0\Reader |
SUCCESS | 0x001e61a8 | |
| 09:16:53,165 | 468 | FindFirstFileExW |
FileName => C:\Program Files\Adobe |
SUCCESS | 0x001e61a8 | |
| 09:16:53,165 | 468 | FindFirstFileExW |
FileName => C:\Program Files\Adobe\Reader 11.0\Reader |
SUCCESS | 0x001e61a8 | |
| 09:16:53,165 | 468 | RegCreateKeyExW |
Handle => 0x00000154 Access => 33554432 Registry => 0x80000001 Class => SubKey => Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders |
SUCCESS | 0x00000000 | |
| 09:16:53,165 | 468 | RegQueryValueExW |
Handle => 0x00000154 Data => %\x00U\x00S\x00E\x00R\x00P\x00R\x00O\x00F\x00I\x00L\x00E\x00%\x00\\x00A\x00p\x00p\x00l\x00i\x00c\x00a\x00t\x00i\x00o\x00n\x00 \x00D\x00a\x00t\x00a\x00\x00\x00 ValueName => AppData |
SUCCESS | 0x00000000 | |
| 09:16:53,165 | 468 | RegCloseKey |
Handle => 0x00000154 |
SUCCESS | 0x00000000 | |
| 09:16:53,165 | 468 | RegCreateKeyExW |
Handle => 0x00000154 Access => 33554432 Registry => 0x80000001 Class => SubKey => Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders |
SUCCESS | 0x00000000 | |
| 09:16:53,165 | 468 | RegSetValueExW |
Handle => 0x00000154 Buffer => C\x00:\x00\\x00D\x00o\x00c\x00u\x00m\x00e\x00n\x00t\x00s\x00 \x00a\x00n\x00d\x00 \x00S\x00e\x00t\x00t\x00i\x00n\x00g\x00s\x00\\x00T\x00D\x00W\x00\\x00A\x00p\x00p\x00l\x00i\x00c\x00a\x00t\x00i\x00o\x00n\x00 \x00D\x00a\x00t\x00a\x00\x00\x00 ValueName => AppData Type => 1 |
SUCCESS | 0x00000000 | |
| 09:16:53,165 | 468 | RegCloseKey |
Handle => 0x00000154 |
SUCCESS | 0x00000000 | |
| 09:16:53,165 | 468 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x001e69a8 | 5 times |
| 09:16:53,175 | 468 | RegCreateKeyExW |
Handle => 0x0000015c Access => 33554432 Registry => 0x80000001 Class => SubKey => Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders |
SUCCESS | 0x00000000 | |
| 09:16:53,175 | 468 | RegQueryValueExW |
Handle => 0x0000015c Data => %\x00U\x00S\x00E\x00R\x00P\x00R\x00O\x00F\x00I\x00L\x00E\x00%\x00\\x00L\x00o\x00c\x00a\x00l\x00 \x00S\x00e\x00t\x00t\x00i\x00n\x00g\x00s\x00\\x00A\x00p\x00p\x00l\x00i\x00c\x00a\x00t\x00i\x00o\x00n\x00 \x00D\x00a\x00t\x00a\x00\x00\x00 ValueName => Local AppData |
SUCCESS | 0x00000000 | |
| 09:16:53,175 | 468 | RegCloseKey |
Handle => 0x0000015c |
SUCCESS | 0x00000000 | |
| 09:16:53,175 | 468 | RegCreateKeyExW |
Handle => 0x0000015c Access => 33554432 Registry => 0x80000001 Class => SubKey => Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders |
SUCCESS | 0x00000000 | |
| 09:16:53,175 | 468 | RegSetValueExW |
Handle => 0x0000015c Buffer => C\x00:\x00\\x00D\x00o\x00c\x00u\x00m\x00e\x00n\x00t\x00s\x00 \x00a\x00n\x00d\x00 \x00S\x00e\x00t\x00t\x00i\x00n\x00g\x00s\x00\\x00T\x00D\x00W\x00\\x00L\x00o\x00c\x00a\x00l\x00 \x00S\x00e\x00t\x00t\x00i\x00n\x00g\x00s\x00\\x00A\x00p\x00p\x00l\x00i\x00c\x00a\x00t\x00i\x00o\x00n\x00 \x00D\x00a\x00t\x00a\x00\x00\x00 ValueName => Local AppData Type => 1 |
SUCCESS | 0x00000000 | |
| 09:16:53,175 | 468 | RegCloseKey |
Handle => 0x0000015c |
SUCCESS | 0x00000000 | |
| 09:16:53,175 | 468 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x001e69a8 | 3 times |
| 09:16:53,175 | 468 | RegCreateKeyExW |
Handle => 0x0000015c Access => 33554432 Registry => 0x80000001 Class => SubKey => Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders |
SUCCESS | 0x00000000 | |
| 09:16:53,175 | 468 | RegQueryValueExW |
Handle => 0x0000015c Data => %\x00U\x00S\x00E\x00R\x00P\x00R\x00O\x00F\x00I\x00L\x00E\x00%\x00\\x00L\x00o\x00c\x00a\x00l\x00 \x00S\x00e\x00t\x00t\x00i\x00n\x00g\x00s\x00\\x00T\x00e\x00m\x00p\x00o\x00r\x00a\x00r\x00y\x00 \x00I\x00n\x00t\x00e\x00r\x00n\x00e\x00t\x00 \x00F\x00i\x00l\x00e\x00s\x00\x00\x00 ValueName => Cache |
SUCCESS | 0x00000000 | |
| 09:16:53,175 | 468 | RegCloseKey |
Handle => 0x0000015c |
SUCCESS | 0x00000000 | |
| 09:16:53,175 | 468 | RegCreateKeyExW |
Handle => 0x0000015c Access => 33554432 Registry => 0x80000001 Class => SubKey => Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders |
SUCCESS | 0x00000000 | |
| 09:16:53,175 | 468 | RegSetValueExW |
Handle => 0x0000015c Buffer => C\x00:\x00\\x00D\x00o\x00c\x00u\x00m\x00e\x00n\x00t\x00s\x00 \x00a\x00n\x00d\x00 \x00S\x00e\x00t\x00t\x00i\x00n\x00g\x00s\x00\\x00T\x00D\x00W\x00\\x00L\x00o\x00c\x00a\x00l\x00 \x00S\x00e\x00t\x00t\x00i\x00n\x00g\x00s\x00\\x00T\x00e\x00m\x00p\x00o\x00r\x00a\x00r\x00y\x00 \x00I\x00n\x00t\x00e\x00r\x00n\x00e\x00t\x00 \x00F\x00i\x00l\x00e\x00s\x00\x00\x00 ValueName => Cache Type => 1 |
SUCCESS | 0x00000000 | |
| 09:16:53,175 | 468 | RegCloseKey |
Handle => 0x0000015c |
SUCCESS | 0x00000000 | |
| 09:16:53,175 | 468 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x001e69a8 | 7 times |
| 09:16:53,175 | 468 | CreateDirectoryExW |
DirectoryName => C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx |
SUCCESS | 0x00000001 | |
| 09:16:53,185 | 468 | NtCreateFile |
ShareAccess => 3 FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx DesiredAccess => 0x00120089 CreateDisposition => 1 FileHandle => 0x00000160 |
SUCCESS | 0x00000000 | |
| 09:16:53,185 | 468 | FindFirstFileExW |
FileName => C:\DOCUME~1 |
SUCCESS | 0x001e69a8 | |
| 09:16:53,185 | 468 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW |
SUCCESS | 0x001e69a8 | |
| 09:16:53,185 | 468 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1 |
SUCCESS | 0x001e69a8 | |
| 09:16:53,185 | 468 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp |
SUCCESS | 0x001e69a8 | |
| 09:16:53,185 | 264 | LdrLoadDll |
Flags => 21362876 BaseAddress => 0x5ad70000 FileName => C:\WINDOWS\system32\uxtheme.dll |
SUCCESS | 0x00000000 | |
| 09:16:53,185 | 264 | IsDebuggerPresent | FAILURE | 0x00000000 | ||
| 09:16:53,185 | 264 | LdrLoadDll |
Flags => 21362696 BaseAddress => 0x5ad70000 FileName => uxtheme.dll |
SUCCESS | 0x00000000 | |
| 09:16:53,185 | 468 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => SHCreateDirectoryExW FunctionAddress => 0x7ca0b24a ModuleHandle => 0x7c9c0000 |
SUCCESS | 0x00000000 | |
| 09:16:53,185 | 468 | CreateDirectoryW |
DirectoryName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
FAILURE | 0x00000000 | |
| 09:16:53,185 | 468 | CreateDirectoryW |
DirectoryName => C:\Documents and Settings |
FAILURE | 0x00000000 | |
| 09:16:53,185 | 468 | CreateDirectoryW |
DirectoryName => C:\Documents and Settings\TDW |
FAILURE | 0x00000000 | |
| 09:16:53,185 | 468 | CreateDirectoryW |
DirectoryName => C:\Documents and Settings\TDW\Application Data |
FAILURE | 0x00000000 | |
| 09:16:53,195 | 468 | CreateDirectoryW |
DirectoryName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x00000001 | |
| 09:16:53,195 | 468 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Microsoft\Windows\CurrentVersion\Policies\Explorer |
FAILURE | 0x00000002 | |
| 09:16:53,195 | 468 | RegOpenKeyExW |
Handle => 0x00000168 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Policies\Explorer |
SUCCESS | 0x00000000 | |
| 09:16:53,195 | 468 | RegQueryValueExW |
Handle => 0x00000168 DataLength => 4 ValueName => NoNetHood Type => 1239916 |
FAILURE | 0x00000002 | |
| 09:16:53,195 | 468 | RegCloseKey |
Handle => 0x00000168 |
SUCCESS | 0x00000000 | |
| 09:16:53,195 | 468 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Microsoft\Windows\CurrentVersion\Policies\Explorer |
FAILURE | 0x00000002 | |
| 09:16:53,195 | 468 | RegOpenKeyExW |
Handle => 0x00000168 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Policies\Explorer |
SUCCESS | 0x00000000 | |
| 09:16:53,195 | 468 | RegQueryValueExW |
Handle => 0x00000168 DataLength => 4 ValueName => NoPropertiesMyComputer Type => 1239916 |
FAILURE | 0x00000002 | |
| 09:16:53,195 | 468 | RegCloseKey |
Handle => 0x00000168 |
SUCCESS | 0x00000000 | |
| 09:16:53,195 | 468 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Microsoft\Windows\CurrentVersion\Policies\Explorer |
FAILURE | 0x00000002 | |
| 09:16:53,195 | 468 | RegOpenKeyExW |
Handle => 0x00000168 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Policies\Explorer |
SUCCESS | 0x00000000 | |
| 09:16:53,195 | 468 | RegQueryValueExW |
Handle => 0x00000168 DataLength => 4 ValueName => NoInternetIcon Type => 1239916 |
FAILURE | 0x00000002 | |
| 09:16:53,195 | 468 | RegCloseKey |
Handle => 0x00000168 |
SUCCESS | 0x00000000 | |
| 09:16:53,195 | 468 | LdrGetProcedureAddress |
Ordinal => 236 FunctionName => FunctionAddress => 0x773e1798 ModuleHandle => 0x773d0000 |
SUCCESS | 0x00000000 | |
| 09:16:53,195 | 468 | LdrGetDllHandle |
ModuleHandle => 0x774e0000 FileName => OLE32.DLL |
SUCCESS | 0x00000000 | |
| 09:16:53,195 | 468 | LdrLoadDll |
Flags => 1239076 BaseAddress => 0x774e0000 FileName => ole32.dll |
SUCCESS | 0x00000000 | |
| 09:16:53,195 | 468 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CoGetMalloc FunctionAddress => 0x774fdd08 ModuleHandle => 0x774e0000 |
SUCCESS | 0x00000000 | |
| 09:16:53,195 | 468 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Microsoft\Windows\CurrentVersion\Policies\Explorer |
FAILURE | 0x00000002 | |
| 09:16:53,195 | 468 | RegOpenKeyExW |
Handle => 0x00000168 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Policies\Explorer |
SUCCESS | 0x00000000 | |
| 09:16:53,205 | 468 | RegQueryValueExW |
Handle => 0x00000168 DataLength => 4 ValueName => NoCommonGroups Type => 1239916 |
FAILURE | 0x00000002 | |
| 09:16:53,205 | 468 | RegCloseKey |
Handle => 0x00000168 |
SUCCESS | 0x00000000 | |
| 09:16:53,205 | 468 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CreateBindCtx FunctionAddress => 0x774fe54c ModuleHandle => 0x774e0000 |
SUCCESS | 0x00000000 | |
| 09:16:53,205 | 468 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000002 SubKey => SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{20D04FE0-3AEA-1069-A2D8-08002B30309D} |
FAILURE | 0x00000002 | |
| 09:16:53,205 | 468 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Microsoft\Windows\CurrentVersion\Policies\Explorer |
FAILURE | 0x00000002 | |
| 09:16:53,205 | 468 | RegOpenKeyExW |
Handle => 0x00000168 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Policies\Explorer |
SUCCESS | 0x00000000 | |
| 09:16:53,205 | 468 | RegQueryValueExW |
Handle => 0x00000168 DataLength => 4 ValueName => NoControlPanel Type => 1238272 |
FAILURE | 0x00000002 | |
| 09:16:53,205 | 468 | RegCloseKey |
Handle => 0x00000168 |
SUCCESS | 0x00000000 | |
| 09:16:53,205 | 468 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Microsoft\Windows\CurrentVersion\Policies\Explorer |
FAILURE | 0x00000002 | |
| 09:16:53,205 | 468 | RegOpenKeyExW |
Handle => 0x00000168 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Policies\Explorer |
SUCCESS | 0x00000000 | |
| 09:16:53,205 | 468 | RegQueryValueExW |
Handle => 0x00000168 DataLength => 4 ValueName => NoSetFolders Type => 1238272 |
FAILURE | 0x00000002 | |
| 09:16:53,205 | 468 | RegCloseKey |
Handle => 0x00000168 |
SUCCESS | 0x00000000 | |
| 09:16:53,205 | 468 | RegOpenKeyExA |
Handle => 0x0000016e Registry => 0x80000000 SubKey => CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32 |
SUCCESS | 0x00000000 | |
| 09:16:53,205 | 468 | RegQueryValueExW |
Handle => 0x0000016e Data => %\x00S\x00y\x00s\x00t\x00e\x00m\x00R\x00o\x00o\x00t\x00%\x00\\x00s\x00y\x00s\x00t\x00e\x00m\x003\x002\x00\\x00S\x00H\x00E\x00L\x00L\x003\x002\x00.\x00d\x00l\x00l\x00\x00\x00 ValueName => |
SUCCESS | 0x00000000 | |
| 09:16:53,205 | 468 | LdrLoadDll |
Flags => 1238852 BaseAddress => 0x7c9c0000 FileName => C:\WINDOWS\system32\SHELL32.dll |
SUCCESS | 0x00000000 | |
| 09:16:53,205 | 468 | RegCloseKey |
Handle => 0x0000016e |
SUCCESS | 0x00000000 | |
| 09:16:53,205 | 468 | RegOpenKeyExW |
Handle => 0x0000016e Registry => 0x80000000 SubKey => Drive\shellex\FolderExtensions |
SUCCESS | 0x00000000 | |
| 09:16:53,205 | 468 | RegEnumKeyW |
Handle => 0x0000016e Name => {fbeb8a05-beee-4442-804e-409d6c4515e9} Index => 0 |
SUCCESS | 0x00000000 | |
| 09:16:53,205 | 468 | RegOpenKeyExW |
Handle => 0x00000172 Registry => 0x80000000 SubKey => Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9} |
SUCCESS | 0x00000000 | |
| 09:16:53,205 | 468 | RegQueryValueExW |
Handle => 0x00000172 Data => 32 ValueName => DriveMask |
SUCCESS | 0x00000000 | |
| 09:16:53,215 | 468 | RegCloseKey |
Handle => 0x00000172 |
SUCCESS | 0x00000000 | |
| 09:16:53,215 | 468 | RegEnumKeyW |
Handle => 0x0000016e Name => {fbeb8a05-beee-4442-804e-409d6c4515e9} Index => 1 |
FAILURE | 0x00000103 | |
| 09:16:53,215 | 468 | RegCloseKey |
Handle => 0x0000016e |
SUCCESS | 0x00000000 | |
| 09:16:53,215 | 468 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Microsoft\Windows\CurrentVersion\Policies\Explorer |
FAILURE | 0x00000002 | |
| 09:16:53,215 | 468 | RegOpenKeyExW |
Handle => 0x0000016c Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Policies\Explorer |
SUCCESS | 0x00000000 | |
| 09:16:53,215 | 468 | RegQueryValueExW |
Handle => 0x0000016c DataLength => 4 ValueName => AllowFileCLSIDJunctions Type => 1237108 |
FAILURE | 0x00000002 | |
| 09:16:53,215 | 468 | RegCloseKey |
Handle => 0x0000016c |
SUCCESS | 0x00000000 | |
| 09:16:53,215 | 468 | NtCreateSection |
ObjectAttributes => DesiredAccess => 0x000f0007 SectionHandle => 0x0000016c FileHandle => 0x00000000 |
SUCCESS | 0x00000000 | |
| 09:16:53,215 | 468 | ZwMapViewOfSection |
SectionOffset => 0x0012ef60 SectionHandle => 0x0000016c ProcessHandle => 0xffffffff BaseAddress => 0x003b0000 |
SUCCESS | 0x00000000 | |
| 09:16:53,215 | 264 | GetSystemMetrics |
SystemMetricIndex => 31 |
SUCCESS | 0x00000019 | |
| 09:16:53,215 | 468 | ZwMapViewOfSection |
SectionOffset => 0x0012ef80 SectionHandle => 0x00000170 ProcessHandle => 0xffffffff BaseAddress => 0x003b0000 |
SUCCESS | 0x00000000 | |
| 09:16:53,225 | 264 | ZwMapViewOfSection |
SectionOffset => 0x0145f6f0 SectionHandle => 0x00000174 ProcessHandle => 0xffffffff BaseAddress => 0x01970000 |
SUCCESS | 0x00000000 | |
| 09:16:53,225 | 264 | GetSystemMetrics |
SystemMetricIndex => 31 |
SUCCESS | 0x00000019 | 1 time |
| 09:16:53,225 | 468 | CreateDirectoryW |
DirectoryName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x00000001 | |
| 09:16:53,225 | 468 | RegOpenKeyExW |
Handle => 0x00000172 Registry => 0x80000000 SubKey => Drive\shellex\FolderExtensions |
SUCCESS | 0x00000000 | |
| 09:16:53,225 | 468 | RegEnumKeyW |
Handle => 0x00000172 Name => {fbeb8a05-beee-4442-804e-409d6c4515e9} Index => 0 |
SUCCESS | 0x00000000 | |
| 09:16:53,225 | 468 | RegOpenKeyExW |
Handle => 0x0000017a Registry => 0x80000000 SubKey => Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9} |
SUCCESS | 0x00000000 | |
| 09:16:53,235 | 468 | RegQueryValueExW |
Handle => 0x0000017a Data => 32 ValueName => DriveMask |
SUCCESS | 0x00000000 | |
| 09:16:53,235 | 468 | RegCloseKey |
Handle => 0x0000017a |
SUCCESS | 0x00000000 | |
| 09:16:53,235 | 468 | RegEnumKeyW |
Handle => 0x00000172 Name => {fbeb8a05-beee-4442-804e-409d6c4515e9} Index => 1 |
FAILURE | 0x00000103 | |
| 09:16:53,235 | 468 | RegCloseKey |
Handle => 0x00000172 |
SUCCESS | 0x00000000 | |
| 09:16:53,235 | 468 | NtCreateSection |
ObjectAttributes => DesiredAccess => 0x000f0007 SectionHandle => 0x00000170 FileHandle => 0x00000000 |
SUCCESS | 0x00000000 | |
| 09:16:53,235 | 468 | ZwMapViewOfSection |
SectionOffset => 0x0012ef60 SectionHandle => 0x00000170 ProcessHandle => 0xffffffff BaseAddress => 0x003b0000 |
SUCCESS | 0x00000000 | |
| 09:16:53,235 | 468 | ZwMapViewOfSection |
SectionOffset => 0x0012ef80 SectionHandle => 0x00000178 ProcessHandle => 0xffffffff BaseAddress => 0x003b0000 |
SUCCESS | 0x00000000 | |
| 09:16:53,235 | 468 | CreateDirectoryW |
DirectoryName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x00000001 | |
| 09:16:53,235 | 468 | RegOpenKeyExW |
Handle => 0x0000017a Registry => 0x80000000 SubKey => Drive\shellex\FolderExtensions |
SUCCESS | 0x00000000 | |
| 09:16:53,245 | 468 | RegEnumKeyW |
Handle => 0x0000017a Name => {fbeb8a05-beee-4442-804e-409d6c4515e9} Index => 0 |
SUCCESS | 0x00000000 | |
| 09:16:53,245 | 468 | RegOpenKeyExW |
Handle => 0x00000172 Registry => 0x80000000 SubKey => Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9} |
SUCCESS | 0x00000000 | |
| 09:16:53,245 | 468 | RegQueryValueExW |
Handle => 0x00000172 Data => 32 ValueName => DriveMask |
SUCCESS | 0x00000000 | |
| 09:16:53,245 | 468 | RegCloseKey |
Handle => 0x00000172 |
SUCCESS | 0x00000000 | |
| 09:16:53,245 | 468 | RegEnumKeyW |
Handle => 0x0000017a Name => {fbeb8a05-beee-4442-804e-409d6c4515e9} Index => 1 |
FAILURE | 0x00000103 | |
| 09:16:53,245 | 468 | RegCloseKey |
Handle => 0x0000017a |
SUCCESS | 0x00000000 | |
| 09:16:53,245 | 468 | NtCreateSection |
ObjectAttributes => DesiredAccess => 0x000f0007 SectionHandle => 0x00000178 FileHandle => 0x00000000 |
SUCCESS | 0x00000000 | |
| 09:16:53,245 | 468 | ZwMapViewOfSection |
SectionOffset => 0x0012ef60 SectionHandle => 0x00000178 ProcessHandle => 0xffffffff BaseAddress => 0x003b0000 |
SUCCESS | 0x00000000 | |
| 09:16:53,245 | 468 | ZwMapViewOfSection |
SectionOffset => 0x0012ef80 SectionHandle => 0x00000170 ProcessHandle => 0xffffffff BaseAddress => 0x003b0000 |
SUCCESS | 0x00000000 | |
| 09:16:53,255 | 468 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x001ee1a8 | |
| 09:16:53,255 | 468 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x001ee1a8 | |
| 09:16:53,255 | 468 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x001ee1a8 | |
| 09:16:53,255 | 468 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x001ee1a8 | |
| 09:16:53,255 | 468 | CreateDirectoryW |
DirectoryName => C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe\Acrobat\11.0 |
FAILURE | 0x00000000 | |
| 09:16:53,255 | 468 | CreateDirectoryW |
DirectoryName => C:\Documents and Settings |
FAILURE | 0x00000000 | |
| 09:16:53,255 | 468 | CreateDirectoryW |
DirectoryName => C:\Documents and Settings\TDW |
FAILURE | 0x00000000 | |
| 09:16:53,255 | 468 | CreateDirectoryW |
DirectoryName => C:\Documents and Settings\TDW\Local Settings |
FAILURE | 0x00000000 | |
| 09:16:53,255 | 468 | CreateDirectoryW |
DirectoryName => C:\Documents and Settings\TDW\Local Settings\Application Data |
FAILURE | 0x00000000 | |
| 09:16:53,265 | 468 | CreateDirectoryW |
DirectoryName => C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe |
SUCCESS | 0x00000001 | |
| 09:16:53,265 | 468 | RegOpenKeyExW |
Handle => 0x00000172 Registry => 0x80000000 SubKey => Drive\shellex\FolderExtensions |
SUCCESS | 0x00000000 | |
| 09:16:53,265 | 468 | RegEnumKeyW |
Handle => 0x00000172 Name => {fbeb8a05-beee-4442-804e-409d6c4515e9} Index => 0 |
SUCCESS | 0x00000000 | |
| 09:16:53,265 | 468 | RegOpenKeyExW |
Handle => 0x0000017a Registry => 0x80000000 SubKey => Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9} |
SUCCESS | 0x00000000 | |
| 09:16:53,265 | 468 | RegQueryValueExW |
Handle => 0x0000017a Data => 32 ValueName => DriveMask |
SUCCESS | 0x00000000 | |
| 09:16:53,265 | 468 | RegCloseKey |
Handle => 0x0000017a |
SUCCESS | 0x00000000 | |
| 09:16:53,265 | 468 | RegEnumKeyW |
Handle => 0x00000172 Name => {fbeb8a05-beee-4442-804e-409d6c4515e9} Index => 1 |
FAILURE | 0x00000103 | |
| 09:16:53,265 | 468 | RegCloseKey |
Handle => 0x00000172 |
SUCCESS | 0x00000000 | |
| 09:16:53,265 | 468 | NtCreateSection |
ObjectAttributes => DesiredAccess => 0x000f0007 SectionHandle => 0x00000170 FileHandle => 0x00000000 |
SUCCESS | 0x00000000 | |
| 09:16:53,265 | 468 | ZwMapViewOfSection |
SectionOffset => 0x0012ef60 SectionHandle => 0x00000170 ProcessHandle => 0xffffffff BaseAddress => 0x003b0000 |
SUCCESS | 0x00000000 | |
| 09:16:53,265 | 468 | ZwMapViewOfSection |
SectionOffset => 0x0012ef80 SectionHandle => 0x00000178 ProcessHandle => 0xffffffff BaseAddress => 0x003b0000 |
SUCCESS | 0x00000000 | |
| 09:16:53,265 | 468 | CreateDirectoryW |
DirectoryName => C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe\Acrobat |
SUCCESS | 0x00000001 | |
| 09:16:53,265 | 468 | RegOpenKeyExW |
Handle => 0x0000017a Registry => 0x80000000 SubKey => Drive\shellex\FolderExtensions |
SUCCESS | 0x00000000 | |
| 09:16:53,265 | 468 | RegEnumKeyW |
Handle => 0x0000017a Name => {fbeb8a05-beee-4442-804e-409d6c4515e9} Index => 0 |
SUCCESS | 0x00000000 | |
| 09:16:53,265 | 468 | RegOpenKeyExW |
Handle => 0x00000172 Registry => 0x80000000 SubKey => Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9} |
SUCCESS | 0x00000000 | |
| 09:16:53,265 | 468 | RegQueryValueExW |
Handle => 0x00000172 Data => 32 ValueName => DriveMask |
SUCCESS | 0x00000000 | |
| 09:16:53,265 | 468 | RegCloseKey |
Handle => 0x00000172 |
SUCCESS | 0x00000000 | |
| 09:16:53,265 | 468 | RegEnumKeyW |
Handle => 0x0000017a Name => {fbeb8a05-beee-4442-804e-409d6c4515e9} Index => 1 |
FAILURE | 0x00000103 | |
| 09:16:53,265 | 468 | RegCloseKey |
Handle => 0x0000017a |
SUCCESS | 0x00000000 | |
| 09:16:53,275 | 468 | NtCreateSection |
ObjectAttributes => DesiredAccess => 0x000f0007 SectionHandle => 0x00000178 FileHandle => 0x00000000 |
SUCCESS | 0x00000000 | |
| 09:16:53,275 | 468 | ZwMapViewOfSection |
SectionOffset => 0x0012ef60 SectionHandle => 0x00000178 ProcessHandle => 0xffffffff BaseAddress => 0x003b0000 |
SUCCESS | 0x00000000 | |
| 09:16:53,275 | 468 | ZwMapViewOfSection |
SectionOffset => 0x0012ef80 SectionHandle => 0x00000170 ProcessHandle => 0xffffffff BaseAddress => 0x003b0000 |
SUCCESS | 0x00000000 | |
| 09:16:53,275 | 468 | CreateDirectoryW |
DirectoryName => C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x00000001 | |
| 09:16:53,275 | 468 | RegOpenKeyExW |
Handle => 0x00000172 Registry => 0x80000000 SubKey => Drive\shellex\FolderExtensions |
SUCCESS | 0x00000000 | |
| 09:16:53,275 | 468 | RegEnumKeyW |
Handle => 0x00000172 Name => {fbeb8a05-beee-4442-804e-409d6c4515e9} Index => 0 |
SUCCESS | 0x00000000 | |
| 09:16:53,275 | 468 | RegOpenKeyExW |
Handle => 0x0000017a Registry => 0x80000000 SubKey => Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9} |
SUCCESS | 0x00000000 | |
| 09:16:53,275 | 468 | RegQueryValueExW |
Handle => 0x0000017a Data => 32 ValueName => DriveMask |
SUCCESS | 0x00000000 | |
| 09:16:53,275 | 468 | RegCloseKey |
Handle => 0x0000017a |
SUCCESS | 0x00000000 | |
| 09:16:53,275 | 468 | RegEnumKeyW |
Handle => 0x00000172 Name => {fbeb8a05-beee-4442-804e-409d6c4515e9} Index => 1 |
FAILURE | 0x00000103 | |
| 09:16:53,275 | 468 | RegCloseKey |
Handle => 0x00000172 |
SUCCESS | 0x00000000 | |
| 09:16:53,275 | 468 | NtCreateSection |
ObjectAttributes => DesiredAccess => 0x000f0007 SectionHandle => 0x00000170 FileHandle => 0x00000000 |
SUCCESS | 0x00000000 | |
| 09:16:53,275 | 468 | ZwMapViewOfSection |
SectionOffset => 0x0012ef60 SectionHandle => 0x00000170 ProcessHandle => 0xffffffff BaseAddress => 0x003b0000 |
SUCCESS | 0x00000000 | |
| 09:16:53,286 | 468 | ZwMapViewOfSection |
SectionOffset => 0x0012ef80 SectionHandle => 0x00000178 ProcessHandle => 0xffffffff BaseAddress => 0x003b0000 |
SUCCESS | 0x00000000 | |
| 09:16:53,286 | 468 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x001ee1a8 | |
| 09:16:53,286 | 468 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe |
SUCCESS | 0x001ee1a8 | |
| 09:16:53,286 | 468 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe\Acrobat |
SUCCESS | 0x001ee1a8 | |
| 09:16:53,286 | 468 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x001ee1a8 | |
| 09:16:53,286 | 468 | CreateDirectoryW |
DirectoryName => C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe\Color |
SUCCESS | 0x00000001 | |
| 09:16:53,296 | 468 | RegOpenKeyExW |
Handle => 0x0000017a Registry => 0x80000000 SubKey => Drive\shellex\FolderExtensions |
SUCCESS | 0x00000000 | |
| 09:16:53,296 | 468 | RegEnumKeyW |
Handle => 0x0000017a Name => {fbeb8a05-beee-4442-804e-409d6c4515e9} Index => 0 |
SUCCESS | 0x00000000 | |
| 09:16:53,296 | 468 | RegOpenKeyExW |
Handle => 0x00000172 Registry => 0x80000000 SubKey => Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9} |
SUCCESS | 0x00000000 | |
| 09:16:53,296 | 468 | RegQueryValueExW |
Handle => 0x00000172 Data => 32 ValueName => DriveMask |
SUCCESS | 0x00000000 | |
| 09:16:53,296 | 468 | RegCloseKey |
Handle => 0x00000172 |
SUCCESS | 0x00000000 | |
| 09:16:53,296 | 468 | RegEnumKeyW |
Handle => 0x0000017a Name => {fbeb8a05-beee-4442-804e-409d6c4515e9} Index => 1 |
FAILURE | 0x00000103 | |
| 09:16:53,296 | 468 | RegCloseKey |
Handle => 0x0000017a |
SUCCESS | 0x00000000 | |
| 09:16:53,296 | 468 | NtCreateSection |
ObjectAttributes => DesiredAccess => 0x000f0007 SectionHandle => 0x00000178 FileHandle => 0x00000000 |
SUCCESS | 0x00000000 | |
| 09:16:53,296 | 468 | ZwMapViewOfSection |
SectionOffset => 0x0012ef60 SectionHandle => 0x00000178 ProcessHandle => 0xffffffff BaseAddress => 0x003b0000 |
SUCCESS | 0x00000000 | |
| 09:16:53,296 | 468 | ZwMapViewOfSection |
SectionOffset => 0x0012ef80 SectionHandle => 0x00000170 ProcessHandle => 0xffffffff BaseAddress => 0x003b0000 |
SUCCESS | 0x00000000 | |
| 09:16:53,296 | 468 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x001ee1a8 | |
| 09:16:53,296 | 468 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe |
SUCCESS | 0x001ee1a8 | |
| 09:16:53,296 | 468 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe\Color |
SUCCESS | 0x001ee1a8 | |
| 09:16:53,306 | 468 | CreateDirectoryW |
DirectoryName => C:\Documents and Settings\TDW\Application Data\Adobe\Linguistics |
SUCCESS | 0x00000001 | |
| 09:16:53,306 | 468 | RegOpenKeyExW |
Handle => 0x00000172 Registry => 0x80000000 SubKey => Drive\shellex\FolderExtensions |
SUCCESS | 0x00000000 | |
| 09:16:53,306 | 468 | RegEnumKeyW |
Handle => 0x00000172 Name => {fbeb8a05-beee-4442-804e-409d6c4515e9} Index => 0 |
SUCCESS | 0x00000000 | |
| 09:16:53,306 | 468 | RegOpenKeyExW |
Handle => 0x0000017a Registry => 0x80000000 SubKey => Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9} |
SUCCESS | 0x00000000 | |
| 09:16:53,306 | 468 | RegQueryValueExW |
Handle => 0x0000017a Data => 32 ValueName => DriveMask |
SUCCESS | 0x00000000 | |
| 09:16:53,306 | 468 | RegCloseKey |
Handle => 0x0000017a |
SUCCESS | 0x00000000 | |
| 09:16:53,306 | 468 | RegEnumKeyW |
Handle => 0x00000172 Name => {fbeb8a05-beee-4442-804e-409d6c4515e9} Index => 1 |
FAILURE | 0x00000103 | |
| 09:16:53,306 | 468 | RegCloseKey |
Handle => 0x00000172 |
SUCCESS | 0x00000000 | |
| 09:16:53,306 | 468 | NtCreateSection |
ObjectAttributes => DesiredAccess => 0x000f0007 SectionHandle => 0x00000170 FileHandle => 0x00000000 |
SUCCESS | 0x00000000 | |
| 09:16:53,306 | 468 | ZwMapViewOfSection |
SectionOffset => 0x0012ef60 SectionHandle => 0x00000170 ProcessHandle => 0xffffffff BaseAddress => 0x003b0000 |
SUCCESS | 0x00000000 | |
| 09:16:53,306 | 468 | ZwMapViewOfSection |
SectionOffset => 0x0012ef80 SectionHandle => 0x00000178 ProcessHandle => 0xffffffff BaseAddress => 0x003b0000 |
SUCCESS | 0x00000000 | |
| 09:16:53,316 | 468 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x001ee1a8 | |
| 09:16:53,316 | 468 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x001ee1a8 | |
| 09:16:53,316 | 468 | CreateDirectoryW |
DirectoryName => C:\Documents and Settings\TDW\Application Data\Microsoft\Speech |
SUCCESS | 0x00000001 | |
| 09:16:53,316 | 468 | RegOpenKeyExW |
Handle => 0x0000017a Registry => 0x80000000 SubKey => Drive\shellex\FolderExtensions |
SUCCESS | 0x00000000 | |
| 09:16:53,316 | 468 | RegEnumKeyW |
Handle => 0x0000017a Name => {fbeb8a05-beee-4442-804e-409d6c4515e9} Index => 0 |
SUCCESS | 0x00000000 | |
| 09:16:53,316 | 468 | RegOpenKeyExW |
Handle => 0x00000172 Registry => 0x80000000 SubKey => Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9} |
SUCCESS | 0x00000000 | |
| 09:16:53,316 | 468 | RegQueryValueExW |
Handle => 0x00000172 Data => 32 ValueName => DriveMask |
SUCCESS | 0x00000000 | |
| 09:16:53,316 | 468 | RegCloseKey |
Handle => 0x00000172 |
SUCCESS | 0x00000000 | |
| 09:16:53,316 | 468 | RegEnumKeyW |
Handle => 0x0000017a Name => {fbeb8a05-beee-4442-804e-409d6c4515e9} Index => 1 |
FAILURE | 0x00000103 | |
| 09:16:53,316 | 468 | RegCloseKey |
Handle => 0x0000017a |
SUCCESS | 0x00000000 | |
| 09:16:53,316 | 468 | NtCreateSection |
ObjectAttributes => DesiredAccess => 0x000f0007 SectionHandle => 0x00000178 FileHandle => 0x00000000 |
SUCCESS | 0x00000000 | |
| 09:16:53,316 | 468 | ZwMapViewOfSection |
SectionOffset => 0x0012ef60 SectionHandle => 0x00000178 ProcessHandle => 0xffffffff BaseAddress => 0x003b0000 |
SUCCESS | 0x00000000 | |
| 09:16:53,316 | 468 | ZwMapViewOfSection |
SectionOffset => 0x0012ef80 SectionHandle => 0x00000170 ProcessHandle => 0xffffffff BaseAddress => 0x003b0000 |
SUCCESS | 0x00000000 | |
| 09:16:53,316 | 468 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x001ee1a8 | |
| 09:16:53,316 | 468 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Microsoft\Speech |
SUCCESS | 0x001ee1a8 | |
| 09:16:53,326 | 468 | CreateDirectoryW |
DirectoryName => C:\Documents and Settings\TDW\Application Data\Adobe\LogTransport2 |
SUCCESS | 0x00000001 | |
| 09:16:53,326 | 468 | RegOpenKeyExW |
Handle => 0x00000172 Registry => 0x80000000 SubKey => Drive\shellex\FolderExtensions |
SUCCESS | 0x00000000 | |
| 09:16:53,326 | 468 | RegEnumKeyW |
Handle => 0x00000172 Name => {fbeb8a05-beee-4442-804e-409d6c4515e9} Index => 0 |
SUCCESS | 0x00000000 | |
| 09:16:53,326 | 468 | RegOpenKeyExW |
Handle => 0x0000017a Registry => 0x80000000 SubKey => Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9} |
SUCCESS | 0x00000000 | |
| 09:16:53,326 | 468 | RegQueryValueExW |
Handle => 0x0000017a Data => 32 ValueName => DriveMask |
SUCCESS | 0x00000000 | |
| 09:16:53,326 | 468 | RegCloseKey |
Handle => 0x0000017a |
SUCCESS | 0x00000000 | |
| 09:16:53,326 | 468 | RegEnumKeyW |
Handle => 0x00000172 Name => {fbeb8a05-beee-4442-804e-409d6c4515e9} Index => 1 |
FAILURE | 0x00000103 | |
| 09:16:53,326 | 468 | RegCloseKey |
Handle => 0x00000172 |
SUCCESS | 0x00000000 | |
| 09:16:53,326 | 468 | NtCreateSection |
ObjectAttributes => DesiredAccess => 0x000f0007 SectionHandle => 0x00000170 FileHandle => 0x00000000 |
SUCCESS | 0x00000000 | |
| 09:16:53,326 | 468 | ZwMapViewOfSection |
SectionOffset => 0x0012ef60 SectionHandle => 0x00000170 ProcessHandle => 0xffffffff BaseAddress => 0x003b0000 |
SUCCESS | 0x00000000 | |
| 09:16:53,326 | 468 | ZwMapViewOfSection |
SectionOffset => 0x0012ef80 SectionHandle => 0x00000178 ProcessHandle => 0xffffffff BaseAddress => 0x003b0000 |
SUCCESS | 0x00000000 | |
| 09:16:53,336 | 468 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x001ee1a8 | |
| 09:16:53,336 | 468 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x001ee1a8 | |
| 09:16:53,336 | 468 | CreateDirectoryW |
DirectoryName => C:\Documents and Settings\TDW\Application Data\Adobe\Headlights |
SUCCESS | 0x00000001 | |
| 09:16:53,336 | 468 | RegOpenKeyExW |
Handle => 0x0000017a Registry => 0x80000000 SubKey => Drive\shellex\FolderExtensions |
SUCCESS | 0x00000000 | |
| 09:16:53,336 | 468 | RegEnumKeyW |
Handle => 0x0000017a Name => {fbeb8a05-beee-4442-804e-409d6c4515e9} Index => 0 |
SUCCESS | 0x00000000 | |
| 09:16:53,336 | 468 | RegOpenKeyExW |
Handle => 0x00000172 Registry => 0x80000000 SubKey => Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9} |
SUCCESS | 0x00000000 | |
| 09:16:53,336 | 468 | RegQueryValueExW |
Handle => 0x00000172 Data => 32 ValueName => DriveMask |
SUCCESS | 0x00000000 | |
| 09:16:53,336 | 468 | RegCloseKey |
Handle => 0x00000172 |
SUCCESS | 0x00000000 | |
| 09:16:53,336 | 468 | RegEnumKeyW |
Handle => 0x0000017a Name => {fbeb8a05-beee-4442-804e-409d6c4515e9} Index => 1 |
FAILURE | 0x00000103 | |
| 09:16:53,336 | 468 | RegCloseKey |
Handle => 0x0000017a |
SUCCESS | 0x00000000 | |
| 09:16:53,336 | 468 | NtCreateSection |
ObjectAttributes => DesiredAccess => 0x000f0007 SectionHandle => 0x00000178 FileHandle => 0x00000000 |
SUCCESS | 0x00000000 | |
| 09:16:53,336 | 468 | ZwMapViewOfSection |
SectionOffset => 0x0012ef60 SectionHandle => 0x00000178 ProcessHandle => 0xffffffff BaseAddress => 0x003b0000 |
SUCCESS | 0x00000000 | |
| 09:16:53,346 | 468 | ZwMapViewOfSection |
SectionOffset => 0x0012ef80 SectionHandle => 0x00000170 ProcessHandle => 0xffffffff BaseAddress => 0x003b0000 |
SUCCESS | 0x00000000 | |
| 09:16:53,346 | 468 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x001ee1a8 | |
| 09:16:53,346 | 468 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x001ee1a8 | |
| 09:16:53,346 | 468 | CreateDirectoryW |
DirectoryName => C:\Documents and Settings\TDW\Application Data\Adobe\Flash Player\AssetCache |
FAILURE | 0x00000000 | |
| 09:16:53,346 | 468 | CreateDirectoryW |
DirectoryName => C:\Documents and Settings |
FAILURE | 0x00000000 | |
| 09:16:53,346 | 468 | CreateDirectoryW |
DirectoryName => C:\Documents and Settings\TDW |
FAILURE | 0x00000000 | |
| 09:16:53,346 | 468 | CreateDirectoryW |
DirectoryName => C:\Documents and Settings\TDW\Application Data |
FAILURE | 0x00000000 | |
| 09:16:53,346 | 468 | CreateDirectoryW |
DirectoryName => C:\Documents and Settings\TDW\Application Data\Adobe |
FAILURE | 0x00000000 | |
| 09:16:53,356 | 468 | CreateDirectoryW |
DirectoryName => C:\Documents and Settings\TDW\Application Data\Adobe\Flash Player |
SUCCESS | 0x00000001 | |
| 09:16:53,356 | 468 | RegOpenKeyExW |
Handle => 0x00000172 Registry => 0x80000000 SubKey => Drive\shellex\FolderExtensions |
SUCCESS | 0x00000000 | |
| 09:16:53,356 | 468 | RegEnumKeyW |
Handle => 0x00000172 Name => {fbeb8a05-beee-4442-804e-409d6c4515e9} Index => 0 |
SUCCESS | 0x00000000 | |
| 09:16:53,356 | 468 | RegOpenKeyExW |
Handle => 0x0000017a Registry => 0x80000000 SubKey => Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9} |
SUCCESS | 0x00000000 | |
| 09:16:53,356 | 468 | RegQueryValueExW |
Handle => 0x0000017a Data => 32 ValueName => DriveMask |
SUCCESS | 0x00000000 | |
| 09:16:53,356 | 468 | RegCloseKey |
Handle => 0x0000017a |
SUCCESS | 0x00000000 | |
| 09:16:53,356 | 468 | RegEnumKeyW |
Handle => 0x00000172 Name => {fbeb8a05-beee-4442-804e-409d6c4515e9} Index => 1 |
FAILURE | 0x00000103 | |
| 09:16:53,356 | 468 | RegCloseKey |
Handle => 0x00000172 |
SUCCESS | 0x00000000 | |
| 09:16:53,356 | 468 | NtCreateSection |
ObjectAttributes => DesiredAccess => 0x000f0007 SectionHandle => 0x00000170 FileHandle => 0x00000000 |
SUCCESS | 0x00000000 | |
| 09:16:53,356 | 468 | ZwMapViewOfSection |
SectionOffset => 0x0012ef60 SectionHandle => 0x00000170 ProcessHandle => 0xffffffff BaseAddress => 0x003b0000 |
SUCCESS | 0x00000000 | |
| 09:16:53,356 | 468 | ZwMapViewOfSection |
SectionOffset => 0x0012ef80 SectionHandle => 0x00000178 ProcessHandle => 0xffffffff BaseAddress => 0x003b0000 |
SUCCESS | 0x00000000 | |
| 09:16:53,356 | 468 | CreateDirectoryW |
DirectoryName => C:\Documents and Settings\TDW\Application Data\Adobe\Flash Player\AssetCache |
SUCCESS | 0x00000001 | |
| 09:16:53,356 | 468 | RegOpenKeyExW |
Handle => 0x0000017a Registry => 0x80000000 SubKey => Drive\shellex\FolderExtensions |
SUCCESS | 0x00000000 | |
| 09:16:53,356 | 468 | RegEnumKeyW |
Handle => 0x0000017a Name => {fbeb8a05-beee-4442-804e-409d6c4515e9} Index => 0 |
SUCCESS | 0x00000000 | |
| 09:16:53,366 | 468 | RegOpenKeyExW |
Handle => 0x00000172 Registry => 0x80000000 SubKey => Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9} |
SUCCESS | 0x00000000 | |
| 09:16:53,366 | 468 | RegQueryValueExW |
Handle => 0x00000172 Data => 32 ValueName => DriveMask |
SUCCESS | 0x00000000 | |
| 09:16:53,366 | 468 | RegCloseKey |
Handle => 0x00000172 |
SUCCESS | 0x00000000 | |
| 09:16:53,366 | 468 | RegEnumKeyW |
Handle => 0x0000017a Name => {fbeb8a05-beee-4442-804e-409d6c4515e9} Index => 1 |
FAILURE | 0x00000103 | |
| 09:16:53,366 | 468 | RegCloseKey |
Handle => 0x0000017a |
SUCCESS | 0x00000000 | |
| 09:16:53,366 | 468 | NtCreateSection |
ObjectAttributes => DesiredAccess => 0x000f0007 SectionHandle => 0x00000178 FileHandle => 0x00000000 |
SUCCESS | 0x00000000 | |
| 09:16:53,366 | 468 | ZwMapViewOfSection |
SectionOffset => 0x0012ef60 SectionHandle => 0x00000178 ProcessHandle => 0xffffffff BaseAddress => 0x003b0000 |
SUCCESS | 0x00000000 | |
| 09:16:53,366 | 468 | ZwMapViewOfSection |
SectionOffset => 0x0012ef80 SectionHandle => 0x00000170 ProcessHandle => 0xffffffff BaseAddress => 0x003b0000 |
SUCCESS | 0x00000000 | |
| 09:16:53,366 | 468 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x001ee1a8 | |
| 09:16:53,366 | 468 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x001ee1a8 | |
| 09:16:53,366 | 468 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x001ee1a8 | 3 times |
| 09:16:53,366 | 468 | RegCreateKeyExW |
Handle => 0x00000170 Access => 33554432 Registry => 0x80000001 Class => SubKey => Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders |
SUCCESS | 0x00000000 | |
| 09:16:53,366 | 468 | RegQueryValueExW |
Handle => 0x00000170 Data => %\x00U\x00S\x00E\x00R\x00P\x00R\x00O\x00F\x00I\x00L\x00E\x00%\x00\\x00M\x00y\x00 \x00D\x00o\x00c\x00u\x00m\x00e\x00n\x00t\x00s\x00\x00\x00 ValueName => Personal |
SUCCESS | 0x00000000 | |
| 09:16:53,366 | 468 | RegCloseKey |
Handle => 0x00000170 |
SUCCESS | 0x00000000 | |
| 09:16:53,366 | 468 | RegCreateKeyExW |
Handle => 0x00000170 Access => 33554432 Registry => 0x80000001 Class => SubKey => Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders |
SUCCESS | 0x00000000 | |
| 09:16:53,366 | 468 | RegSetValueExW |
Handle => 0x00000170 Buffer => C\x00:\x00\\x00D\x00o\x00c\x00u\x00m\x00e\x00n\x00t\x00s\x00 \x00a\x00n\x00d\x00 \x00S\x00e\x00t\x00t\x00i\x00n\x00g\x00s\x00\\x00T\x00D\x00W\x00\\x00M\x00y\x00 \x00D\x00o\x00c\x00u\x00m\x00e\x00n\x00t\x00s\x00\x00\x00 ValueName => Personal Type => 1 |
SUCCESS | 0x00000000 | |
| 09:16:53,366 | 468 | RegCloseKey |
Handle => 0x00000170 |
SUCCESS | 0x00000000 | |
| 09:16:53,376 | 468 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x001ee1a8 | |
| 09:16:53,376 | 468 | RegCreateKeyExW |
Handle => 0x00000170 Access => 33554432 Registry => 0x80000001 Class => SubKey => |
SUCCESS | 0x00000000 | |
| 09:16:53,376 | 468 | LdrGetDllHandle |
ModuleHandle => 0x7c900000 FileName => ntdll.dll |
SUCCESS | 0x00000000 | |
| 09:16:53,376 | 468 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => NtQueryObject FunctionAddress => 0x7c90d870 ModuleHandle => 0x7c900000 |
SUCCESS | 0x00000000 | |
| 09:16:53,376 | 468 | RegCloseKey |
Handle => 0x00000170 |
SUCCESS | 0x00000000 | |
| 09:16:53,376 | 468 | RegCreateKeyExW |
Handle => 0x00000170 Access => 33554432 Registry => 0x80000001 Class => SubKey => |
SUCCESS | 0x00000000 | |
| 09:16:53,376 | 468 | RegCloseKey |
Handle => 0x00000170 |
SUCCESS | 0x00000000 | |
| 09:16:53,376 | 468 | RegCreateKeyExW |
Handle => 0x00000170 Access => 33554432 Registry => 0x80000001 Class => SubKey => |
SUCCESS | 0x00000000 | |
| 09:16:53,376 | 468 | RegCloseKey |
Handle => 0x00000170 |
SUCCESS | 0x00000000 | |
| 09:16:53,376 | 468 | RegCreateKeyExW |
Handle => 0x00000170 Access => 33554432 Registry => 0x80000001 Class => SubKey => |
SUCCESS | 0x00000000 | |
| 09:16:53,376 | 468 | RegCloseKey |
Handle => 0x00000170 |
SUCCESS | 0x00000000 | |
| 09:16:53,376 | 468 | RegCreateKeyExW |
Handle => 0x00000170 Access => 33554432 Registry => 0x80000001 Class => SubKey => |
SUCCESS | 0x00000000 | |
| 09:16:53,376 | 468 | RegCloseKey |
Handle => 0x00000170 |
SUCCESS | 0x00000000 | |
| 09:16:53,376 | 468 | RegCreateKeyExW |
Handle => 0x00000170 Access => 33554432 Registry => 0x80000001 Class => SubKey => |
SUCCESS | 0x00000000 | |
| 09:16:53,376 | 468 | RegCloseKey |
Handle => 0x00000170 |
SUCCESS | 0x00000000 | |
| 09:16:53,376 | 468 | RegCreateKeyExW |
Handle => 0x00000170 Access => 33554432 Registry => 0x80000001 Class => SubKey => |
SUCCESS | 0x00000000 | |
| 09:16:53,376 | 468 | RegCloseKey |
Handle => 0x00000170 |
SUCCESS | 0x00000000 | |
| 09:16:53,376 | 468 | RegCreateKeyExW |
Handle => 0x00000170 Access => 33554432 Registry => 0x80000001 Class => SubKey => |
SUCCESS | 0x00000000 | |
| 09:16:53,376 | 468 | RegCloseKey |
Handle => 0x00000170 |
SUCCESS | 0x00000000 | |
| 09:16:53,376 | 468 | RegCreateKeyExW |
Handle => 0x00000170 Access => 33554432 Registry => 0x80000001 Class => SubKey => |
SUCCESS | 0x00000000 | |
| 09:16:53,376 | 468 | RegCloseKey |
Handle => 0x00000170 |
SUCCESS | 0x00000000 | |
| 09:16:53,376 | 468 | RegCreateKeyExW |
Handle => 0x00000170 Access => 33554432 Registry => 0x80000001 Class => SubKey => |
SUCCESS | 0x00000000 | |
| 09:16:53,376 | 468 | RegCloseKey |
Handle => 0x00000170 |
SUCCESS | 0x00000000 | |
| 09:16:53,376 | 468 | RegCreateKeyExW |
Handle => 0x0000017a Access => 33554432 Registry => 0x80000000 Class => SubKey => |
SUCCESS | 0x00000000 | |
| 09:16:53,376 | 468 | RegCloseKey |
Handle => 0x0000017a |
SUCCESS | 0x00000000 | |
| 09:16:53,376 | 468 | RegCreateKeyExW |
Handle => 0x00000178 Access => 33554432 Registry => 0x80000001 Class => SubKey => |
SUCCESS | 0x00000000 | |
| 09:16:53,376 | 468 | RegCloseKey |
Handle => 0x00000178 |
SUCCESS | 0x00000000 | |
| 09:16:53,376 | 468 | RegCreateKeyExW |
Handle => 0x00000178 Access => 33554432 Registry => 0x80000002 Class => SubKey => |
SUCCESS | 0x00000000 | |
| 09:16:53,376 | 468 | RegCloseKey |
Handle => 0x00000178 |
SUCCESS | 0x00000000 | |
| 09:16:53,376 | 468 | RegCreateKeyExW |
Handle => 0x00000170 Access => 33554432 Registry => 0x80000003 Class => SubKey => |
SUCCESS | 0x00000000 | |
| 09:16:53,376 | 468 | RegCloseKey |
Handle => 0x00000170 |
SUCCESS | 0x00000000 | |
| 09:16:53,376 | 468 | RegCreateKeyExW |
Handle => 0x0000016c Access => 33554432 Registry => 0x80000005 Class => SubKey => |
SUCCESS | 0x00000000 | |
| 09:16:53,376 | 468 | RegCloseKey |
Handle => 0x0000016c |
SUCCESS | 0x00000000 | |
| 09:16:53,376 | 468 | RegCreateKeyExW |
Handle => 0x0000017c Access => 983103 Registry => 0x80000001 Class => SubKey => Software\Adobe\Adobe Acrobat\11.0 |
SUCCESS | 0x00000000 | |
| 09:16:53,376 | 468 | RegCreateKeyExW |
Handle => 0x0000016c Access => 33554432 Registry => 0x80000001 Class => SubKey => |
SUCCESS | 0x00000000 | |
| 09:16:53,376 | 468 | RegCloseKey |
Handle => 0x0000016c |
SUCCESS | 0x00000000 | |
| 09:16:53,376 | 468 | RegCreateKeyExW |
Handle => 0x0000016c Access => 33554432 Registry => 0x80000001 Class => SubKey => |
SUCCESS | 0x00000000 | |
| 09:16:53,376 | 468 | RegCloseKey |
Handle => 0x0000016c |
SUCCESS | 0x00000000 | |
| 09:16:53,376 | 468 | RegCreateKeyExW |
Handle => 0x0000016c Access => 983103 Registry => 0x80000001 Class => SubKey => Software\Adobe\Acrobat Reader\11.0 |
SUCCESS | 0x00000000 | |
| 09:16:53,376 | 468 | RegCreateKeyExW |
Handle => 0x00000180 Access => 33554432 Registry => 0x80000001 Class => SubKey => |
SUCCESS | 0x00000000 | |
| 09:16:53,376 | 468 | RegCloseKey |
Handle => 0x00000180 |
SUCCESS | 0x00000000 | |
| 09:16:53,376 | 468 | RegCreateKeyExW |
Handle => 0x00000180 Access => 33554432 Registry => 0x80000001 Class => SubKey => |
SUCCESS | 0x00000000 | |
| 09:16:53,376 | 468 | RegCloseKey |
Handle => 0x00000180 |
SUCCESS | 0x00000000 | |
| 09:16:53,376 | 468 | RegCreateKeyExW |
Handle => 0x00000184 Access => 983103 Registry => 0x80000001 Class => SubKey => Software\Adobe\Adobe Synchronizer\11.0 |
SUCCESS | 0x00000000 | |
| 09:16:53,376 | 468 | RegCreateKeyExW |
Handle => 0x00000180 Access => 33554432 Registry => 0x80000001 Class => SubKey => |
SUCCESS | 0x00000000 | |
| 09:16:53,376 | 468 | RegCloseKey |
Handle => 0x00000180 |
SUCCESS | 0x00000000 | |
| 09:16:53,376 | 468 | RegCreateKeyExW |
Handle => 0x00000180 Access => 33554432 Registry => 0x80000001 Class => SubKey => |
SUCCESS | 0x00000000 | |
| 09:16:53,376 | 468 | RegCloseKey |
Handle => 0x00000180 |
SUCCESS | 0x00000000 | |
| 09:16:53,376 | 468 | RegCreateKeyExW |
Handle => 0x00000180 Access => 983103 Registry => 0x80000001 Class => SubKey => Software\Adobe\CommonFiles\Usage\Reader 11 |
SUCCESS | 0x00000000 | |
| 09:16:53,376 | 468 | RegCreateKeyExW |
Handle => 0x00000188 Access => 33554432 Registry => 0x80000001 Class => SubKey => |
SUCCESS | 0x00000000 | |
| 09:16:53,376 | 468 | RegCloseKey |
Handle => 0x00000188 |
SUCCESS | 0x00000000 | |
| 09:16:53,376 | 468 | RegCreateKeyExW |
Handle => 0x00000188 Access => 33554432 Registry => 0x80000001 Class => SubKey => |
SUCCESS | 0x00000000 | |
| 09:16:53,376 | 468 | RegCloseKey |
Handle => 0x00000188 |
SUCCESS | 0x00000000 | |
| 09:16:53,376 | 468 | RegCreateKeyExW |
Handle => 0x00000188 Access => 33554432 Registry => 0x80000001 Class => SubKey => |
SUCCESS | 0x00000000 | |
| 09:16:53,376 | 468 | RegCloseKey |
Handle => 0x00000188 |
SUCCESS | 0x00000000 | |
| 09:16:53,376 | 468 | RegCreateKeyExW |
Handle => 0x00000188 Access => 33554432 Registry => 0x80000001 Class => SubKey => |
SUCCESS | 0x00000000 | |
| 09:16:53,376 | 468 | RegCloseKey |
Handle => 0x00000188 |
SUCCESS | 0x00000000 | |
| 09:16:53,376 | 468 | RegCreateKeyExW |
Handle => 0x00000188 Access => 33554432 Registry => 0x80000001 Class => SubKey => |
SUCCESS | 0x00000000 | |
| 09:16:53,376 | 468 | RegCloseKey |
Handle => 0x00000188 |
SUCCESS | 0x00000000 | |
| 09:16:53,376 | 468 | RegCreateKeyExW |
Handle => 0x00000188 Access => 33554432 Registry => 0x80000001 Class => SubKey => |
SUCCESS | 0x00000000 | |
| 09:16:53,376 | 468 | RegCloseKey |
Handle => 0x00000188 |
SUCCESS | 0x00000000 | |
| 09:16:53,376 | 468 | RegCreateKeyExW |
Handle => 0x00000188 Access => 33554432 Registry => 0x80000001 Class => SubKey => |
SUCCESS | 0x00000000 | |
| 09:16:53,376 | 468 | RegCloseKey |
Handle => 0x00000188 |
SUCCESS | 0x00000000 | |
| 09:16:53,376 | 468 | RegCreateKeyExW |
Handle => 0x00000188 Access => 33554432 Registry => 0x80000001 Class => SubKey => |
SUCCESS | 0x00000000 | |
| 09:16:53,376 | 468 | RegCloseKey |
Handle => 0x00000188 |
SUCCESS | 0x00000000 | |
| 09:16:53,376 | 468 | RegCreateKeyExW |
Handle => 0x00000188 Access => 33554432 Registry => 0x80000001 Class => SubKey => |
SUCCESS | 0x00000000 | |
| 09:16:53,376 | 468 | RegCloseKey |
Handle => 0x00000188 |
SUCCESS | 0x00000000 | |
| 09:16:53,376 | 468 | RegCreateKeyExW |
Handle => 0x00000188 Access => 33554432 Registry => 0x80000001 Class => SubKey => |
SUCCESS | 0x00000000 | |
| 09:16:53,376 | 468 | RegCloseKey |
Handle => 0x00000188 |
SUCCESS | 0x00000000 | |
| 09:16:53,376 | 468 | RegCreateKeyExW |
Handle => 0x00000188 Access => 33554432 Registry => 0x80000001 Class => SubKey => |
SUCCESS | 0x00000000 | |
| 09:16:53,376 | 468 | RegCloseKey |
Handle => 0x00000188 |
SUCCESS | 0x00000000 | |
| 09:16:53,376 | 468 | RegCreateKeyExW |
Handle => 0x00000188 Access => 33554432 Registry => 0x80000001 Class => SubKey => |
SUCCESS | 0x00000000 | |
| 09:16:53,376 | 468 | RegCloseKey |
Handle => 0x00000188 |
SUCCESS | 0x00000000 | |
| 09:16:53,376 | 468 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000002 SubKey => SOFTWARE\Justsystem\ATOK\Setup\Folder |
FAILURE | 0x00000002 | |
| 09:16:53,376 | 468 | RegQueryValueExW |
Handle => 0x00000000 DataLength => 0 ValueName => Atok23 Type => 1 |
FAILURE | 0x00000006 | |
| 09:16:53,376 | 468 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000002 SubKey => SOFTWARE\Justsystem\ATOK\Setup\Folder |
FAILURE | 0x00000002 | |
| 09:16:53,376 | 468 | RegQueryValueExW |
Handle => 0x00000000 DataLength => 0 ValueName => Atok24 Type => 1 |
FAILURE | 0x00000006 | |
| 09:16:53,386 | 468 | NtCreateMutant |
Handle => 0x00000188 InitialOwner => 0 MutexName => {100184D2-BDC3-477a-B8D3-65548B67914C}_456 |
SUCCESS | 0x00000000 | |
| 09:16:53,396 | 468 | LookupPrivilegeValueW |
SystemName => PrivilegeName => SeChangeNotifyPrivilege |
SUCCESS | 0x00000001 | 19 times |
| 09:16:53,426 | 468 | FindWindowW |
ClassName => 0 WindowName => _AcroAppTimer |
FAILURE | 0x00000000 | |
| 09:16:53,426 | 468 | FindWindowW |
ClassName => 0 WindowName => SafeNet Borderless Single Sign On..... |
FAILURE | 0x00000000 | |
| 09:16:53,426 | 468 | LdrLoadDll |
Flags => 1241956 BaseAddress => 0x7c800000 FileName => kernel32.dll |
SUCCESS | 0x00000000 | |
| 09:16:53,426 | 468 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CreateProcessInternalWSecure FunctionAddress => 0x7c8806f8 ModuleHandle => 0x7c800000 |
SUCCESS | 0x00000000 | |
| 09:16:53,436 | 468 | CreateProcessInternalW |
ApplicationName => C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe ProcessId => 1412 CommandLine => "C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe" --channel=456.0.603814388 --type=renderer "C:\DOCUME~1\TDW\LOCALS~1\Temp\sep14cfs-c1.pdf" ThreadHandle => 0x000001b4 ProcessHandle => 0x000001b0 ThreadId => 1516 CreationFlags => 0x0100040c |
SUCCESS | 0x00000001 | |
| 09:16:53,436 | 468 | NtGetContextThread |
ThreadHandle => 0x000001b4 |
SUCCESS | 0x00000000 | |
| 09:16:53,446 | 468 | WriteProcessMemory |
Buffer => \x04\x00\x00\x00 ProcessHandle => 0x000001b0 BaseAddress => 0x0053e3c0 |
SUCCESS | 0x00000001 | |
| 09:16:53,446 | 468 | WriteProcessMemory |
Buffer => \x08\x00\x00\x00 ProcessHandle => 0x000001b0 BaseAddress => 0x0053e3c4 |
SUCCESS | 0x00000001 | |
| 09:16:53,446 | 468 | WriteProcessMemory |
Buffer => \xec\x05\x00\x00 ProcessHandle => 0x000001b0 BaseAddress => 0x0053f428 |
SUCCESS | 0x00000001 | |
| 09:16:53,446 | 468 | WriteProcessMemory |
Buffer => \x00 ProcessHandle => 0x000001b0 BaseAddress => 0x0053e3b3 |
SUCCESS | 0x00000001 | |
| 09:16:53,446 | 468 | WriteProcessMemory |
Buffer => \x00 ProcessHandle => 0x000001b0 BaseAddress => 0x0053e3b2 |
SUCCESS | 0x00000001 | |
| 09:16:53,446 | 468 | LdrGetDllHandle |
ModuleHandle => 0x7c900000 FileName => ntdll.dll |
SUCCESS | 0x00000000 | |
| 09:16:53,446 | 468 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => NtOpenKeyEx FunctionAddress => 0x00502a70 ModuleHandle => 0x7c900000 |
FAILURE | 3221225785 | |
| 09:16:53,446 | 468 | RegOpenKeyExW |
Handle => 0x000001a4 Registry => 0x80000002 SubKey => Software\Policies\Adobe\Acrobat Reader\11.0\FeatureLockDown |
SUCCESS | 0x00000000 | |
| 09:16:53,446 | 468 | RegQueryValueExW |
Handle => 0x000001a4 DataLength => 4 ValueName => bDisableCryptBroker Type => 1242944 |
FAILURE | 0x00000002 | |
| 09:16:53,446 | 468 | RegCloseKey |
Handle => 0x000001a4 |
SUCCESS | 0x00000000 | |
| 09:16:53,446 | 468 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => dgapi.dll |
FAILURE | 3221225781 | 1 time |
| 09:16:53,446 | 468 | LdrGetDllHandle |
ModuleHandle => 0x7c900000 FileName => ntdll.dll |
SUCCESS | 0x00000000 | |
| 09:16:53,456 | 468 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => NtAddAtomEx FunctionAddress => 0x0051c138 ModuleHandle => 0x7c900000 |
FAILURE | 3221225785 | |
| 09:16:53,456 | 468 | WriteProcessMemory |
Buffer => \x0c\x00\x00\x00\x00\x00\x00\x00\xa8\x00\x00\x00(\x00\x00\x00\x04\x00\x00\x00\x00\x00k\x00e\x00r\x00n\x00e\x00l\x003\x002\x00.\x00d\x00l\x00l\x00\x00\x00 \x00\x00\x00\x03\x00\x00\x00\x0f\x00\x00\x00\xd0FF\x00CreateProcessW\x00\x00 \x00\x00\x00\x03\x00\x00\x00\x10\x00\x00\x00PHF\x00CreateProcessA\x00\x00 \x00\x00\x00\x02\x00\x00\x00^\x00\x00\x000vN\x00MoveFileExW\x00\x00\x00\x00\x00 \x00\x00\x00\x03\x00\x00\x00!\x01\x00\x00@\x9aA\x00CreateThread\x00\x00\x00\x00T\x04\x00\x00(\x00\x00\x00\x1a\x00\x00\x00\x00\x00C\x00r\x00y\x00p\x00t\x003\x002\x00.\x00d\x00l\x00l\x00\x00\x00\x00\x00$\x00\x00\x00\x02\x00\x00\x00)\x00\x00\x00P\x9fN\x00CryptProtectData\x00\x00\x00\x00(\x00\x00\x00 ProcessHandle => 0x000001b0 BaseAddress => 0x00870000 |
SUCCESS | 0x00000001 | |
| 09:16:53,456 | 468 | LdrGetDllHandle |
ModuleHandle => 0x7c900000 FileName => ntdll.dll |
SUCCESS | 0x00000000 | |
| 09:16:53,456 | 468 | LdrGetDllHandle |
ModuleHandle => 0x7c800000 FileName => kernel32.dll |
SUCCESS | 0x00000000 | |
| 09:16:53,456 | 468 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => GetModuleHandleExW FunctionAddress => 0x7c81fca9 ModuleHandle => 0x7c800000 |
SUCCESS | 0x00000000 | |
| 09:16:53,456 | 468 | ReadProcessMemory |
Buffer => \xb8%\x00\x00\x00\xba\x00\x03\xfe\x7f\xff\x12\xc2,\x00\x90 ProcessHandle => 0x000001b0 BaseAddress => 0x7c90d090 |
SUCCESS | 0x00000001 | |
| 09:16:53,456 | 468 | ReadProcessMemory |
Buffer => \xf0\xe4\x90| ProcessHandle => 0x000001b0 BaseAddress => 0x7ffe0300 |
SUCCESS | 0x00000001 | |
| 09:16:53,456 | 468 | LdrGetDllHandle |
ModuleHandle => 0x7c800000 FileName => kernel32.dll |
SUCCESS | 0x00000000 | |
| 09:16:53,456 | 468 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => GetModuleHandleExW FunctionAddress => 0x7c81fca9 ModuleHandle => 0x7c800000 |
SUCCESS | 0x00000000 | |
| 09:16:53,456 | 468 | LdrGetDllHandle |
ModuleHandle => 0x7c800000 FileName => kernel32.dll |
SUCCESS | 0x00000000 | |
| 09:16:53,456 | 468 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => GetModuleHandleExW FunctionAddress => 0x7c81fca9 ModuleHandle => 0x7c800000 |
SUCCESS | 0x00000000 | |
| 09:16:53,456 | 468 | WriteProcessMemory |
Buffer => \xb8%\x00\x00\x00\xba\x00\x03\xfe\x7f\xff\x12\xc2,\x00\x90\x00\x00\x00\x00\x00\x00\x00\x00\x83\xec\x08R\x8bT$\x0c\x89T$\x08\xc7D$\x0c\x10P\x88\x00\xc7D$\x04\x10+A\x00Z\xc3 ProcessHandle => 0x000001b0 BaseAddress => 0x00885010 |
SUCCESS | 0x00000001 | |
| 09:16:53,456 | 468 | VirtualProtectEx |
Protection => 0x00000008 ProcessHandle => 0x000001b0 Address => 0x7c90d090 Size => 0x0000000c |
SUCCESS | 0x00000001 | |
| 09:16:53,456 | 468 | WriteProcessMemory |
Buffer => \xb8%\x00\x00\x00\xba(P\x88\x00\xff\xe2 ProcessHandle => 0x000001b0 BaseAddress => 0x7c90d090 |
SUCCESS | 0x00000001 | |
| 09:16:53,456 | 468 | VirtualProtectEx |
Protection => 0x00000020 ProcessHandle => 0x000001b0 Address => 0x7c90d090 Size => 0x0000000c |
SUCCESS | 0x00000001 | |
| 09:16:53,456 | 468 | ReadProcessMemory |
Buffer => \xb8t\x00\x00\x00\xba\x00\x03\xfe\x7f\xff\x12\xc2\x18\x00\x90 ProcessHandle => 0x000001b0 BaseAddress => 0x7c90d580 |
SUCCESS | 0x00000001 | |
| 09:16:53,456 | 468 | ReadProcessMemory |
Buffer => \xf0\xe4\x90| ProcessHandle => 0x000001b0 BaseAddress => 0x7ffe0300 |
SUCCESS | 0x00000001 | |
| 09:16:53,466 | 468 | LdrGetDllHandle |
ModuleHandle => 0x7c800000 FileName => kernel32.dll |
SUCCESS | 0x00000000 | |
| 09:16:53,466 | 468 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => GetModuleHandleExW FunctionAddress => 0x7c81fca9 ModuleHandle => 0x7c800000 |
SUCCESS | 0x00000000 | |
| 09:16:53,466 | 468 | LdrGetDllHandle |
ModuleHandle => 0x7c800000 FileName => kernel32.dll |
SUCCESS | 0x00000000 | |
| 09:16:53,466 | 468 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => GetModuleHandleExW FunctionAddress => 0x7c81fca9 ModuleHandle => 0x7c800000 |
SUCCESS | 0x00000000 | |
| 09:16:53,466 | 468 | WriteProcessMemory |
Buffer => \xb8t\x00\x00\x00\xba\x00\x03\xfe\x7f\xff\x12\xc2\x18\x00\x90\x00\x00\x00\x00\x00\x00\x00\x00\x83\xec\x08R\x8bT$\x0c\x89T$\x08\xc7D$\x0cPP\x88\x00\xc7D$\x04P\x10@\x00Z\xc3 ProcessHandle => 0x000001b0 BaseAddress => 0x00885050 |
SUCCESS | 0x00000001 | |
| 09:16:53,466 | 468 | VirtualProtectEx |
Protection => 0x00000008 ProcessHandle => 0x000001b0 Address => 0x7c90d580 Size => 0x0000000c |
SUCCESS | 0x00000001 | |
| 09:16:53,466 | 468 | WriteProcessMemory |
Buffer => \xb8t\x00\x00\x00\xbahP\x88\x00\xff\xe2 ProcessHandle => 0x000001b0 BaseAddress => 0x7c90d580 |
SUCCESS | 0x00000001 | |
| 09:16:53,466 | 468 | VirtualProtectEx |
Protection => 0x00000020 ProcessHandle => 0x000001b0 Address => 0x7c90d580 Size => 0x0000000c |
SUCCESS | 0x00000001 | |
| 09:16:53,466 | 468 | ReadProcessMemory |
Buffer => \xb8\x8b\x00\x00\x00\xba\x00\x03\xfe\x7f\xff\x12\xc2\x08\x00\x90 ProcessHandle => 0x000001b0 BaseAddress => 0x7c90d6f0 |
SUCCESS | 0x00000001 | |
| 09:16:53,466 | 468 | ReadProcessMemory |
Buffer => \xf0\xe4\x90| ProcessHandle => 0x000001b0 BaseAddress => 0x7ffe0300 |
SUCCESS | 0x00000001 | |
| 09:16:53,466 | 468 | LdrGetDllHandle |
ModuleHandle => 0x7c800000 FileName => kernel32.dll |
SUCCESS | 0x00000000 | |
| 09:16:53,466 | 468 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => GetModuleHandleExW FunctionAddress => 0x7c81fca9 ModuleHandle => 0x7c800000 |
SUCCESS | 0x00000000 | |
| 09:16:53,466 | 468 | LdrGetDllHandle |
ModuleHandle => 0x7c800000 FileName => kernel32.dll |
SUCCESS | 0x00000000 | |
| 09:16:53,466 | 468 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => GetModuleHandleExW FunctionAddress => 0x7c81fca9 ModuleHandle => 0x7c800000 |
SUCCESS | 0x00000000 | |
| 09:16:53,466 | 468 | WriteProcessMemory |
Buffer => \xb8\x8b\x00\x00\x00\xba\x00\x03\xfe\x7f\xff\x12\xc2\x08\x00\x90\x00\x00\x00\x00\x00\x00\x00\x00\x83\xec\x08R\x8bT$\x0c\x89T$\x08\xc7D$\x0c\x90P\x88\x00\xc7D$\x04\xe0G@\x00Z\xc3 ProcessHandle => 0x000001b0 BaseAddress => 0x00885090 |
SUCCESS | 0x00000001 | |
| 09:16:53,466 | 468 | VirtualProtectEx |
Protection => 0x00000008 ProcessHandle => 0x000001b0 Address => 0x7c90d6f0 Size => 0x0000000c |
SUCCESS | 0x00000001 | |
| 09:16:53,466 | 468 | WriteProcessMemory |
Buffer => \xb8\x8b\x00\x00\x00\xba\xa8P\x88\x00\xff\xe2 ProcessHandle => 0x000001b0 BaseAddress => 0x7c90d6f0 |
SUCCESS | 0x00000001 | |
| 09:16:53,466 | 468 | VirtualProtectEx |
Protection => 0x00000020 ProcessHandle => 0x000001b0 Address => 0x7c90d6f0 Size => 0x0000000c |
SUCCESS | 0x00000001 | |
| 09:16:53,466 | 468 | ReadProcessMemory |
Buffer => \xb8\x95\x00\x00\x00\xba\x00\x03\xfe\x7f\xff\x12\xc2\x08\x00\x90 ProcessHandle => 0x000001b0 BaseAddress => 0x7c90d790 |
SUCCESS | 0x00000001 | |
| 09:16:53,466 | 468 | ReadProcessMemory |
Buffer => \xf0\xe4\x90| ProcessHandle => 0x000001b0 BaseAddress => 0x7ffe0300 |
SUCCESS | 0x00000001 | |
| 09:16:53,466 | 468 | LdrGetDllHandle |
ModuleHandle => 0x7c800000 FileName => kernel32.dll |
SUCCESS | 0x00000000 | |
| 09:16:53,466 | 468 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => GetModuleHandleExW FunctionAddress => 0x7c81fca9 ModuleHandle => 0x7c800000 |
SUCCESS | 0x00000000 | |
| 09:16:53,466 | 468 | LdrGetDllHandle |
ModuleHandle => 0x7c800000 FileName => kernel32.dll |
SUCCESS | 0x00000000 | |
| 09:16:53,466 | 468 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => GetModuleHandleExW FunctionAddress => 0x7c81fca9 ModuleHandle => 0x7c800000 |
SUCCESS | 0x00000000 | |
| 09:16:53,466 | 468 | WriteProcessMemory |
Buffer => \xb8\x95\x00\x00\x00\xba\x00\x03\xfe\x7f\xff\x12\xc2\x08\x00\x90\x00\x00\x00\x00\x00\x00\x00\x00\x83\xec\x08R\x8bT$\x0c\x89T$\x08\xc7D$\x0c\xd0P\x88\x00\xc7D$\x04\x00\xedA\x00Z\xc3 ProcessHandle => 0x000001b0 BaseAddress => 0x008850d0 |
SUCCESS | 0x00000001 | |
| 09:16:53,476 | 468 | VirtualProtectEx |
Protection => 0x00000008 ProcessHandle => 0x000001b0 Address => 0x7c90d790 Size => 0x0000000c |
SUCCESS | 0x00000001 | |
| 09:16:53,476 | 468 | WriteProcessMemory |
Buffer => \xb8\x95\x00\x00\x00\xba\xe8P\x88\x00\xff\xe2 ProcessHandle => 0x000001b0 BaseAddress => 0x7c90d790 |
SUCCESS | 0x00000001 | |
| 09:16:53,476 | 468 | VirtualProtectEx |
Protection => 0x00000020 ProcessHandle => 0x000001b0 Address => 0x7c90d790 Size => 0x0000000c |
SUCCESS | 0x00000001 | |
| 09:16:53,476 | 468 | ReadProcessMemory |
Buffer => \xb8\xe0\x00\x00\x00\xba\x00\x03\xfe\x7f\xff\x12\xc2\x14\x00\x90 ProcessHandle => 0x000001b0 BaseAddress => 0x7c90dc40 |
SUCCESS | 0x00000001 | |
| 09:16:53,476 | 468 | ReadProcessMemory |
Buffer => \xf0\xe4\x90| ProcessHandle => 0x000001b0 BaseAddress => 0x7ffe0300 |
SUCCESS | 0x00000001 | |
| 09:16:53,476 | 468 | LdrGetDllHandle |
ModuleHandle => 0x7c800000 FileName => kernel32.dll |
SUCCESS | 0x00000000 | |
| 09:16:53,476 | 468 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => GetModuleHandleExW FunctionAddress => 0x7c81fca9 ModuleHandle => 0x7c800000 |
SUCCESS | 0x00000000 | |
| 09:16:53,476 | 468 | LdrGetDllHandle |
ModuleHandle => 0x7c800000 FileName => kernel32.dll |
SUCCESS | 0x00000000 | |
| 09:16:53,476 | 468 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => GetModuleHandleExW FunctionAddress => 0x7c81fca9 ModuleHandle => 0x7c800000 |
SUCCESS | 0x00000000 | |
| 09:16:53,476 | 468 | WriteProcessMemory |
Buffer => \xb8\xe0\x00\x00\x00\xba\x00\x03\xfe\x7f\xff\x12\xc2\x14\x00\x90\x00\x00\x00\x00\x00\x00\x00\x00\x83\xec\x08R\x8bT$\x0c\x89T$\x08\xc7D$\x0c\x10Q\x88\x00\xc7D$\x04 \xbdA\x00Z\xc3 ProcessHandle => 0x000001b0 BaseAddress => 0x00885110 |
SUCCESS | 0x00000001 | |
| 09:16:53,476 | 468 | VirtualProtectEx |
Protection => 0x00000008 ProcessHandle => 0x000001b0 Address => 0x7c90dc40 Size => 0x0000000c |
SUCCESS | 0x00000001 | |
| 09:16:53,476 | 468 | WriteProcessMemory |
Buffer => \xb8\xe0\x00\x00\x00\xba(Q\x88\x00\xff\xe2 ProcessHandle => 0x000001b0 BaseAddress => 0x7c90dc40 |
SUCCESS | 0x00000001 | |
| 09:16:53,476 | 468 | VirtualProtectEx |
Protection => 0x00000020 ProcessHandle => 0x000001b0 Address => 0x7c90dc40 Size => 0x0000000c |
SUCCESS | 0x00000001 | |
| 09:16:53,476 | 468 | ReadProcessMemory |
Buffer => \xb8#\x00\x00\x00\xba\x00\x03\xfe\x7f\xff\x12\xc2\x14\x00\x90 ProcessHandle => 0x000001b0 BaseAddress => 0x7c90d070 |
SUCCESS | 0x00000001 | |
| 09:16:53,476 | 468 | ReadProcessMemory |
Buffer => \xf0\xe4\x90| ProcessHandle => 0x000001b0 BaseAddress => 0x7ffe0300 |
SUCCESS | 0x00000001 | |
| 09:16:53,476 | 468 | LdrGetDllHandle |
ModuleHandle => 0x7c800000 FileName => kernel32.dll |
SUCCESS | 0x00000000 | |
| 09:16:53,476 | 468 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => GetModuleHandleExW FunctionAddress => 0x7c81fca9 ModuleHandle => 0x7c800000 |
SUCCESS | 0x00000000 | |
| 09:16:53,476 | 468 | LdrGetDllHandle |
ModuleHandle => 0x7c800000 FileName => kernel32.dll |
SUCCESS | 0x00000000 | |
| 09:16:53,476 | 468 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => GetModuleHandleExW FunctionAddress => 0x7c81fca9 ModuleHandle => 0x7c800000 |
SUCCESS | 0x00000000 | |
| 09:16:53,476 | 468 | WriteProcessMemory |
Buffer => \xb8#\x00\x00\x00\xba\x00\x03\xfe\x7f\xff\x12\xc2\x14\x00\x90\x00\x00\x00\x00\x00\x00\x00\x00\x83\xec\x08R\x8bT$\x0c\x89T$\x08\xc7D$\x0cPQ\x88\x00\xc7D$\x04pL@\x00Z\xc3 ProcessHandle => 0x000001b0 BaseAddress => 0x00885150 |
SUCCESS | 0x00000001 | |
| 09:16:53,476 | 468 | VirtualProtectEx |
Protection => 0x00000008 ProcessHandle => 0x000001b0 Address => 0x7c90d070 Size => 0x0000000c |
SUCCESS | 0x00000001 | |
| 09:16:53,476 | 468 | WriteProcessMemory |
Buffer => \xb8#\x00\x00\x00\xbahQ\x88\x00\xff\xe2 ProcessHandle => 0x000001b0 BaseAddress => 0x7c90d070 |
SUCCESS | 0x00000001 | |
| 09:16:53,486 | 468 | VirtualProtectEx |
Protection => 0x00000020 ProcessHandle => 0x000001b0 Address => 0x7c90d070 Size => 0x0000000c |
SUCCESS | 0x00000001 | |
| 09:16:53,486 | 468 | ReadProcessMemory |
Buffer => \xb8r\x00\x00\x00\xba\x00\x03\xfe\x7f\xff\x12\xc2\x0c\x00\x90 ProcessHandle => 0x000001b0 BaseAddress => 0x7c90d560 |
SUCCESS | 0x00000001 | |
| 09:16:53,486 | 468 | ReadProcessMemory |
Buffer => \xf0\xe4\x90| ProcessHandle => 0x000001b0 BaseAddress => 0x7ffe0300 |
SUCCESS | 0x00000001 | |
| 09:16:53,486 | 468 | LdrGetDllHandle |
ModuleHandle => 0x7c800000 FileName => kernel32.dll |
SUCCESS | 0x00000000 | |
| 09:16:53,486 | 468 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => GetModuleHandleExW FunctionAddress => 0x7c81fca9 ModuleHandle => 0x7c800000 |
SUCCESS | 0x00000000 | |
| 09:16:53,486 | 468 | LdrGetDllHandle |
ModuleHandle => 0x7c800000 FileName => kernel32.dll |
SUCCESS | 0x00000000 | |
| 09:16:53,486 | 468 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => GetModuleHandleExW FunctionAddress => 0x7c81fca9 ModuleHandle => 0x7c800000 |
SUCCESS | 0x00000000 | |
| 09:16:53,486 | 468 | WriteProcessMemory |
Buffer => \xb8r\x00\x00\x00\xba\x00\x03\xfe\x7f\xff\x12\xc2\x0c\x00\x90\x00\x00\x00\x00\x00\x00\x00\x00\x83\xec\x08R\x8bT$\x0c\x89T$\x08\xc7D$\x0c\x90Q\x88\x00\xc7D$\x04\xd0KA\x00Z\xc3 ProcessHandle => 0x000001b0 BaseAddress => 0x00885190 |
SUCCESS | 0x00000001 | |
| 09:16:53,486 | 468 | VirtualProtectEx |
Protection => 0x00000008 ProcessHandle => 0x000001b0 Address => 0x7c90d560 Size => 0x0000000c |
SUCCESS | 0x00000001 | |
| 09:16:53,486 | 468 | WriteProcessMemory |
Buffer => \xb8r\x00\x00\x00\xba\xa8Q\x88\x00\xff\xe2 ProcessHandle => 0x000001b0 BaseAddress => 0x7c90d560 |
SUCCESS | 0x00000001 | |
| 09:16:53,486 | 468 | VirtualProtectEx |
Protection => 0x00000020 ProcessHandle => 0x000001b0 Address => 0x7c90d560 Size => 0x0000000c |
SUCCESS | 0x00000001 | |
| 09:16:53,486 | 468 | ReadProcessMemory |
Buffer => \xb8)\x00\x00\x00\xba\x00\x03\xfe\x7f\xff\x12\xc2\x1c\x00\x90 ProcessHandle => 0x000001b0 BaseAddress => 0x7c90d0d0 |
SUCCESS | 0x00000001 | |
| 09:16:53,486 | 468 | ReadProcessMemory |
Buffer => \xf0\xe4\x90| ProcessHandle => 0x000001b0 BaseAddress => 0x7ffe0300 |
SUCCESS | 0x00000001 | |
| 09:16:53,486 | 468 | LdrGetDllHandle |
ModuleHandle => 0x7c800000 FileName => kernel32.dll |
SUCCESS | 0x00000000 | |
| 09:16:53,486 | 468 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => GetModuleHandleExW FunctionAddress => 0x7c81fca9 ModuleHandle => 0x7c800000 |
SUCCESS | 0x00000000 | |
| 09:16:53,486 | 468 | LdrGetDllHandle |
ModuleHandle => 0x7c800000 FileName => kernel32.dll |
SUCCESS | 0x00000000 | |
| 09:16:53,486 | 468 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => GetModuleHandleExW FunctionAddress => 0x7c81fca9 ModuleHandle => 0x7c800000 |
SUCCESS | 0x00000000 | |
| 09:16:53,486 | 468 | WriteProcessMemory |
Buffer => \xb8)\x00\x00\x00\xba\x00\x03\xfe\x7f\xff\x12\xc2\x1c\x00\x90\x00\x00\x00\x00\x00\x00\x00\x00\x83\xec\x08R\x8bT$\x0c\x89T$\x08\xc7D$\x0c\xd0Q\x88\x00\xc7D$\x04`\x9dA\x00Z\xc3 ProcessHandle => 0x000001b0 BaseAddress => 0x008851d0 |
SUCCESS | 0x00000001 | |
| 09:16:53,486 | 468 | VirtualProtectEx |
Protection => 0x00000008 ProcessHandle => 0x000001b0 Address => 0x7c90d0d0 Size => 0x0000000c |
SUCCESS | 0x00000001 | |
| 09:16:53,486 | 468 | WriteProcessMemory |
Buffer => \xb8)\x00\x00\x00\xba\xe8Q\x88\x00\xff\xe2 ProcessHandle => 0x000001b0 BaseAddress => 0x7c90d0d0 |
SUCCESS | 0x00000001 | |
| 09:16:53,486 | 468 | VirtualProtectEx |
Protection => 0x00000020 ProcessHandle => 0x000001b0 Address => 0x7c90d0d0 Size => 0x0000000c |
SUCCESS | 0x00000001 | |
| 09:16:53,486 | 468 | ReadProcessMemory |
Buffer => \xb8w\x00\x00\x00\xba\x00\x03\xfe\x7f\xff\x12\xc2\x0c\x00\x90 ProcessHandle => 0x000001b0 BaseAddress => 0x7c90d5b0 |
SUCCESS | 0x00000001 | |
| 09:16:53,486 | 468 | ReadProcessMemory |
Buffer => \xf0\xe4\x90| ProcessHandle => 0x000001b0 BaseAddress => 0x7ffe0300 |
SUCCESS | 0x00000001 | |
| 09:16:53,486 | 468 | LdrGetDllHandle |
ModuleHandle => 0x7c800000 FileName => kernel32.dll |
SUCCESS | 0x00000000 | |
| 09:16:53,486 | 468 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => GetModuleHandleExW FunctionAddress => 0x7c81fca9 ModuleHandle => 0x7c800000 |
SUCCESS | 0x00000000 | |
| 09:16:53,486 | 468 | LdrGetDllHandle |
ModuleHandle => 0x7c800000 FileName => kernel32.dll |
SUCCESS | 0x00000000 | |
| 09:16:53,486 | 468 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => GetModuleHandleExW FunctionAddress => 0x7c81fca9 ModuleHandle => 0x7c800000 |
SUCCESS | 0x00000000 | |
| 09:16:53,486 | 468 | WriteProcessMemory |
Buffer => \xb8w\x00\x00\x00\xba\x00\x03\xfe\x7f\xff\x12\xc2\x0c\x00\x90\x00\x00\x00\x00\x00\x00\x00\x00\x83\xec\x08R\x8bT$\x0c\x89T$\x08\xc7D$\x0c\x10R\x88\x00\xc7D$\x04\x00\x10@\x00Z\xc3 ProcessHandle => 0x000001b0 BaseAddress => 0x00885210 |
SUCCESS | 0x00000001 | |
| 09:16:53,486 | 468 | VirtualProtectEx |
Protection => 0x00000008 ProcessHandle => 0x000001b0 Address => 0x7c90d5b0 Size => 0x0000000c |
SUCCESS | 0x00000001 | |
| 09:16:53,486 | 468 | WriteProcessMemory |
Buffer => \xb8w\x00\x00\x00\xba(R\x88\x00\xff\xe2 ProcessHandle => 0x000001b0 BaseAddress => 0x7c90d5b0 |
SUCCESS | 0x00000001 | |
| 09:16:53,486 | 468 | VirtualProtectEx |
Protection => 0x00000020 ProcessHandle => 0x000001b0 Address => 0x7c90d5b0 Size => 0x0000000c |
SUCCESS | 0x00000001 | |
| 09:16:53,486 | 468 | ReadProcessMemory |
Buffer => \xb8x\x00\x00\x00\xba\x00\x03\xfe\x7f\xff\x12\xc2\x0c\x00\x90 ProcessHandle => 0x000001b0 BaseAddress => 0x7c90d5c0 |
SUCCESS | 0x00000001 | |
| 09:16:53,486 | 468 | ReadProcessMemory |
Buffer => \xf0\xe4\x90| ProcessHandle => 0x000001b0 BaseAddress => 0x7ffe0300 |
SUCCESS | 0x00000001 | |
| 09:16:53,486 | 468 | LdrGetDllHandle |
ModuleHandle => 0x7c800000 FileName => kernel32.dll |
SUCCESS | 0x00000000 | |
| 09:16:53,486 | 468 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => GetModuleHandleExW FunctionAddress => 0x7c81fca9 ModuleHandle => 0x7c800000 |
SUCCESS | 0x00000000 | |
| 09:16:53,486 | 468 | LdrGetDllHandle |
ModuleHandle => 0x7c800000 FileName => kernel32.dll |
SUCCESS | 0x00000000 | |
| 09:16:53,486 | 468 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => GetModuleHandleExW FunctionAddress => 0x7c81fca9 ModuleHandle => 0x7c800000 |
SUCCESS | 0x00000000 | |
| 09:16:53,486 | 468 | WriteProcessMemory |
Buffer => \xb8x\x00\x00\x00\xba\x00\x03\xfe\x7f\xff\x12\xc2\x0c\x00\x90\x00\x00\x00\x00\x00\x00\x00\x00\x83\xec\x08R\x8bT$\x0c\x89T$\x08\xc7D$\x0cPR\x88\x00\xc7D$\x04\x00NA\x00Z\xc3 ProcessHandle => 0x000001b0 BaseAddress => 0x00885250 |
SUCCESS | 0x00000001 | |
| 09:16:53,486 | 468 | VirtualProtectEx |
Protection => 0x00000008 ProcessHandle => 0x000001b0 Address => 0x7c90d5c0 Size => 0x0000000c |
SUCCESS | 0x00000001 | |
| 09:16:53,486 | 468 | WriteProcessMemory |
Buffer => \xb8x\x00\x00\x00\xbahR\x88\x00\xff\xe2 ProcessHandle => 0x000001b0 BaseAddress => 0x7c90d5c0 |
SUCCESS | 0x00000001 | |
| 09:16:53,486 | 468 | VirtualProtectEx |
Protection => 0x00000020 ProcessHandle => 0x000001b0 Address => 0x7c90d5c0 Size => 0x0000000c |
SUCCESS | 0x00000001 | |
| 09:16:53,486 | 468 | ReadProcessMemory |
Buffer => \xb8+\x00\x00\x00\xba\x00\x03\xfe\x7f\xff\x12\xc2\x10\x00\x90 ProcessHandle => 0x000001b0 BaseAddress => 0x7c90d0f0 |
SUCCESS | 0x00000001 | |
| 09:16:53,486 | 468 | ReadProcessMemory |
Buffer => \xf0\xe4\x90| ProcessHandle => 0x000001b0 BaseAddress => 0x7ffe0300 |
SUCCESS | 0x00000001 | |
| 09:16:53,486 | 468 | LdrGetDllHandle |
ModuleHandle => 0x7c800000 FileName => kernel32.dll |
SUCCESS | 0x00000000 | |
| 09:16:53,486 | 468 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => GetModuleHandleExW FunctionAddress => 0x7c81fca9 ModuleHandle => 0x7c800000 |
SUCCESS | 0x00000000 | |
| 09:16:53,486 | 468 | LdrGetDllHandle |
ModuleHandle => 0x7c800000 FileName => kernel32.dll |
SUCCESS | 0x00000000 | |
| 09:16:53,486 | 468 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => GetModuleHandleExW FunctionAddress => 0x7c81fca9 ModuleHandle => 0x7c800000 |
SUCCESS | 0x00000000 | |
| 09:16:53,486 | 468 | WriteProcessMemory |
Buffer => \xb8+\x00\x00\x00\xba\x00\x03\xfe\x7f\xff\x12\xc2\x10\x00\x90\x00\x00\x00\x00\x00\x00\x00\x00\x83\xec\x08R\x8bT$\x0c\x89T$\x08\xc7D$\x0c\x90R\x88\x00\xc7D$\x04@K@\x00Z\xc3 ProcessHandle => 0x000001b0 BaseAddress => 0x00885290 |
SUCCESS | 0x00000001 | |
| 09:16:53,486 | 468 | VirtualProtectEx |
Protection => 0x00000008 ProcessHandle => 0x000001b0 Address => 0x7c90d0f0 Size => 0x0000000c |
SUCCESS | 0x00000001 | |
| 09:16:53,486 | 468 | WriteProcessMemory |
Buffer => \xb8+\x00\x00\x00\xba\xa8R\x88\x00\xff\xe2 ProcessHandle => 0x000001b0 BaseAddress => 0x7c90d0f0 |
SUCCESS | 0x00000001 | |
| 09:16:53,486 | 468 | VirtualProtectEx |
Protection => 0x00000020 ProcessHandle => 0x000001b0 Address => 0x7c90d0f0 Size => 0x0000000c |
SUCCESS | 0x00000001 | |
| 09:16:53,486 | 468 | ReadProcessMemory |
Buffer => \xb82\x00\x00\x00\xba\x00\x03\xfe\x7f\xff\x12\xc2\x1c\x00\x90 ProcessHandle => 0x000001b0 BaseAddress => 0x7c90d160 |
SUCCESS | 0x00000001 | |
| 09:16:53,486 | 468 | ReadProcessMemory |
Buffer => \xf0\xe4\x90| ProcessHandle => 0x000001b0 BaseAddress => 0x7ffe0300 |
SUCCESS | 0x00000001 | |
| 09:16:53,486 | 468 | LdrGetDllHandle |
ModuleHandle => 0x7c800000 FileName => kernel32.dll |
SUCCESS | 0x00000000 | |
| 09:16:53,486 | 468 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => GetModuleHandleExW FunctionAddress => 0x7c81fca9 ModuleHandle => 0x7c800000 |
SUCCESS | 0x00000000 | |
| 09:16:53,486 | 468 | LdrGetDllHandle |
ModuleHandle => 0x7c800000 FileName => kernel32.dll |
SUCCESS | 0x00000000 | |
| 09:16:53,486 | 468 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => GetModuleHandleExW FunctionAddress => 0x7c81fca9 ModuleHandle => 0x7c800000 |
SUCCESS | 0x00000000 | |
| 09:16:53,486 | 468 | WriteProcessMemory |
Buffer => \xb82\x00\x00\x00\xba\x00\x03\xfe\x7f\xff\x12\xc2\x1c\x00\x90\x00\x00\x00\x00\x00\x00\x00\x00\x83\xec\x08R\x8bT$\x0c\x89T$\x08\xc7D$\x0c\xd0R\x88\x00\xc7D$\x04\xa0@@\x00Z\xc3 ProcessHandle => 0x000001b0 BaseAddress => 0x008852d0 |
SUCCESS | 0x00000001 | |
| 09:16:53,486 | 468 | VirtualProtectEx |
Protection => 0x00000008 ProcessHandle => 0x000001b0 Address => 0x7c90d160 Size => 0x0000000c |
SUCCESS | 0x00000001 | |
| 09:16:53,486 | 468 | WriteProcessMemory |
Buffer => \xb82\x00\x00\x00\xba\xe8R\x88\x00\xff\xe2 ProcessHandle => 0x000001b0 BaseAddress => 0x7c90d160 |
SUCCESS | 0x00000001 | |
| 09:16:53,486 | 468 | VirtualProtectEx |
Protection => 0x00000020 ProcessHandle => 0x000001b0 Address => 0x7c90d160 Size => 0x0000000c |
SUCCESS | 0x00000001 | |
| 09:16:53,486 | 468 | ReadProcessMemory |
Buffer => \xb8}\x00\x00\x00\xba\x00\x03\xfe\x7f\xff\x12\xc2\x0c\x00\x90 ProcessHandle => 0x000001b0 BaseAddress => 0x7c90d610 |
SUCCESS | 0x00000001 | |
| 09:16:53,486 | 468 | ReadProcessMemory |
Buffer => \xf0\xe4\x90| ProcessHandle => 0x000001b0 BaseAddress => 0x7ffe0300 |
SUCCESS | 0x00000001 | |
| 09:16:53,486 | 468 | LdrGetDllHandle |
ModuleHandle => 0x7c800000 FileName => kernel32.dll |
SUCCESS | 0x00000000 | |
| 09:16:53,486 | 468 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => GetModuleHandleExW FunctionAddress => 0x7c81fca9 ModuleHandle => 0x7c800000 |
SUCCESS | 0x00000000 | |
| 09:16:53,486 | 468 | LdrGetDllHandle |
ModuleHandle => 0x7c800000 FileName => kernel32.dll |
SUCCESS | 0x00000000 | |
| 09:16:53,486 | 468 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => GetModuleHandleExW FunctionAddress => 0x7c81fca9 ModuleHandle => 0x7c800000 |
SUCCESS | 0x00000000 | |
| 09:16:53,486 | 468 | WriteProcessMemory |
Buffer => \xb8}\x00\x00\x00\xba\x00\x03\xfe\x7f\xff\x12\xc2\x0c\x00\x90\x00\x00\x00\x00\x00\x00\x00\x00\x83\xec\x08R\x8bT$\x0c\x89T$\x08\xc7D$\x0c\x10S\x88\x00\xc7D$\x04P\x13@\x00Z\xc3 ProcessHandle => 0x000001b0 BaseAddress => 0x00885310 |
SUCCESS | 0x00000001 | |
| 09:16:53,486 | 468 | VirtualProtectEx |
Protection => 0x00000008 ProcessHandle => 0x000001b0 Address => 0x7c90d610 Size => 0x0000000c |
SUCCESS | 0x00000001 | |
| 09:16:53,486 | 468 | WriteProcessMemory |
Buffer => \xb8}\x00\x00\x00\xba(S\x88\x00\xff\xe2 ProcessHandle => 0x000001b0 BaseAddress => 0x7c90d610 |
SUCCESS | 0x00000001 | |
| 09:16:53,486 | 468 | VirtualProtectEx |
Protection => 0x00000020 ProcessHandle => 0x000001b0 Address => 0x7c90d610 Size => 0x0000000c |
SUCCESS | 0x00000001 | |
| 09:16:53,486 | 468 | ReadProcessMemory |
Buffer => \xb8A\x00\x00\x00\xba\x00\x03\xfe\x7f\xff\x12\xc2\x08\x00\x90 ProcessHandle => 0x000001b0 BaseAddress => 0x7c90d250 |
SUCCESS | 0x00000001 | |
| 09:16:53,486 | 468 | ReadProcessMemory |
Buffer => \xf0\xe4\x90| ProcessHandle => 0x000001b0 BaseAddress => 0x7ffe0300 |
SUCCESS | 0x00000001 | |
| 09:16:53,486 | 468 | LdrGetDllHandle |
ModuleHandle => 0x7c800000 FileName => kernel32.dll |
SUCCESS | 0x00000000 | |
| 09:16:53,486 | 468 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => GetModuleHandleExW FunctionAddress => 0x7c81fca9 ModuleHandle => 0x7c800000 |
SUCCESS | 0x00000000 | |
| 09:16:53,486 | 468 | LdrGetDllHandle |
ModuleHandle => 0x7c800000 FileName => kernel32.dll |
SUCCESS | 0x00000000 | |
| 09:16:53,486 | 468 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => GetModuleHandleExW FunctionAddress => 0x7c81fca9 ModuleHandle => 0x7c800000 |
SUCCESS | 0x00000000 | |
| 09:16:53,486 | 468 | WriteProcessMemory |
Buffer => \xb8A\x00\x00\x00\xba\x00\x03\xfe\x7f\xff\x12\xc2\x08\x00\x90\x00\x00\x00\x00\x00\x00\x00\x00\x83\xec\x08R\x8bT$\x0c\x89T$\x08\xc7D$\x0cPS\x88\x00\xc7D$\x04\x10\x8dF\x00Z\xc3 ProcessHandle => 0x000001b0 BaseAddress => 0x00885350 |
SUCCESS | 0x00000001 | |
| 09:16:53,486 | 468 | VirtualProtectEx |
Protection => 0x00000008 ProcessHandle => 0x000001b0 Address => 0x7c90d250 Size => 0x0000000c |
SUCCESS | 0x00000001 | |
| 09:16:53,486 | 468 | WriteProcessMemory |
Buffer => \xb8A\x00\x00\x00\xbahS\x88\x00\xff\xe2 ProcessHandle => 0x000001b0 BaseAddress => 0x7c90d250 |
SUCCESS | 0x00000001 | |
| 09:16:53,486 | 468 | VirtualProtectEx |
Protection => 0x00000020 ProcessHandle => 0x000001b0 Address => 0x7c90d250 Size => 0x0000000c |
SUCCESS | 0x00000001 | |
| 09:16:53,486 | 468 | ReadProcessMemory |
Buffer => \xb8\x80\x00\x00\x00\xba\x00\x03\xfe\x7f\xff\x12\xc2\x10\x00\x90 ProcessHandle => 0x000001b0 BaseAddress => 0x7c90d640 |
SUCCESS | 0x00000001 | |
| 09:16:53,486 | 468 | ReadProcessMemory |
Buffer => \xf0\xe4\x90| ProcessHandle => 0x000001b0 BaseAddress => 0x7ffe0300 |
SUCCESS | 0x00000001 | |
| 09:16:53,486 | 468 | LdrGetDllHandle |
ModuleHandle => 0x7c800000 FileName => kernel32.dll |
SUCCESS | 0x00000000 | |
| 09:16:53,486 | 468 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => GetModuleHandleExW FunctionAddress => 0x7c81fca9 ModuleHandle => 0x7c800000 |
SUCCESS | 0x00000000 | |
| 09:16:53,486 | 468 | LdrGetDllHandle |
ModuleHandle => 0x7c800000 FileName => kernel32.dll |
SUCCESS | 0x00000000 | |
| 09:16:53,486 | 468 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => GetModuleHandleExW FunctionAddress => 0x7c81fca9 ModuleHandle => 0x7c800000 |
SUCCESS | 0x00000000 | |
| 09:16:53,486 | 468 | WriteProcessMemory |
Buffer => \xb8\x80\x00\x00\x00\xba\x00\x03\xfe\x7f\xff\x12\xc2\x10\x00\x90\x00\x00\x00\x00\x00\x00\x00\x00\x83\xec\x08R\x8bT$\x0c\x89T$\x08\xc7D$\x0c\x90S\x88\x00\xc7D$\x04`EF\x00Z\xc3 ProcessHandle => 0x000001b0 BaseAddress => 0x00885390 |
SUCCESS | 0x00000001 | |
| 09:16:53,486 | 468 | VirtualProtectEx |
Protection => 0x00000008 ProcessHandle => 0x000001b0 Address => 0x7c90d640 Size => 0x0000000c |
SUCCESS | 0x00000001 | |
| 09:16:53,486 | 468 | WriteProcessMemory |
Buffer => \xb8\x80\x00\x00\x00\xba\xa8S\x88\x00\xff\xe2 ProcessHandle => 0x000001b0 BaseAddress => 0x7c90d640 |
SUCCESS | 0x00000001 | |
| 09:16:53,486 | 468 | VirtualProtectEx |
Protection => 0x00000020 ProcessHandle => 0x000001b0 Address => 0x7c90d640 Size => 0x0000000c |
SUCCESS | 0x00000001 | |
| 09:16:53,486 | 468 | ReadProcessMemory |
Buffer => \xb8z\x00\x00\x00\xba\x00\x03\xfe\x7f\xff\x12\xc2\x10\x00\x90 ProcessHandle => 0x000001b0 BaseAddress => 0x7c90d5e0 |
SUCCESS | 0x00000001 | |
| 09:16:53,486 | 468 | ReadProcessMemory |
Buffer => \xf0\xe4\x90| ProcessHandle => 0x000001b0 BaseAddress => 0x7ffe0300 |
SUCCESS | 0x00000001 | |
| 09:16:53,486 | 468 | LdrGetDllHandle |
ModuleHandle => 0x7c800000 FileName => kernel32.dll |
SUCCESS | 0x00000000 | |
| 09:16:53,486 | 468 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => GetModuleHandleExW FunctionAddress => 0x7c81fca9 ModuleHandle => 0x7c800000 |
SUCCESS | 0x00000000 | |
| 09:16:53,486 | 468 | LdrGetDllHandle |
ModuleHandle => 0x7c800000 FileName => kernel32.dll |
SUCCESS | 0x00000000 | |
| 09:16:53,486 | 468 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => GetModuleHandleExW FunctionAddress => 0x7c81fca9 ModuleHandle => 0x7c800000 |
SUCCESS | 0x00000000 | |
| 09:16:53,486 | 468 | WriteProcessMemory |
Buffer => \xb8z\x00\x00\x00\xba\x00\x03\xfe\x7f\xff\x12\xc2\x10\x00\x90\x00\x00\x00\x00\x00\x00\x00\x00\x83\xec\x08R\x8bT$\x0c\x89T$\x08\xc7D$\x0c\xd0S\x88\x00\xc7D$\x040\xb1A\x00Z\xc3 ProcessHandle => 0x000001b0 BaseAddress => 0x008853d0 |
SUCCESS | 0x00000001 | |
| 09:16:53,486 | 468 | VirtualProtectEx |
Protection => 0x00000008 ProcessHandle => 0x000001b0 Address => 0x7c90d5e0 Size => 0x0000000c |
SUCCESS | 0x00000001 | |
| 09:16:53,496 | 468 | WriteProcessMemory |
Buffer => \xb8z\x00\x00\x00\xba\xe8S\x88\x00\xff\xe2 ProcessHandle => 0x000001b0 BaseAddress => 0x7c90d5e0 |
SUCCESS | 0x00000001 | |
| 09:16:53,496 | 468 | VirtualProtectEx |
Protection => 0x00000020 ProcessHandle => 0x000001b0 Address => 0x7c90d5e0 Size => 0x0000000c |
SUCCESS | 0x00000001 | |
| 09:16:53,496 | 468 | ReadProcessMemory |
Buffer => \xb8{\x00\x00\x00\xba\x00\x03\xfe\x7f\xff\x12\xc2\x0c\x00\x90 ProcessHandle => 0x000001b0 BaseAddress => 0x7c90d5f0 |
SUCCESS | 0x00000001 | |
| 09:16:53,496 | 468 | ReadProcessMemory |
Buffer => \xf0\xe4\x90| ProcessHandle => 0x000001b0 BaseAddress => 0x7ffe0300 |
SUCCESS | 0x00000001 | |
| 09:16:53,496 | 468 | LdrGetDllHandle |
ModuleHandle => 0x7c800000 FileName => kernel32.dll |
SUCCESS | 0x00000000 | |
| 09:16:53,496 | 468 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => GetModuleHandleExW FunctionAddress => 0x7c81fca9 ModuleHandle => 0x7c800000 |
SUCCESS | 0x00000000 | |
| 09:16:53,496 | 468 | LdrGetDllHandle |
ModuleHandle => 0x7c800000 FileName => kernel32.dll |
SUCCESS | 0x00000000 | |
| 09:16:53,496 | 468 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => GetModuleHandleExW FunctionAddress => 0x7c81fca9 ModuleHandle => 0x7c800000 |
SUCCESS | 0x00000000 | |
| 09:16:53,496 | 468 | WriteProcessMemory |
Buffer => \xb8{\x00\x00\x00\xba\x00\x03\xfe\x7f\xff\x12\xc2\x0c\x00\x90\x00\x00\x00\x00\x00\x00\x00\x00\x83\xec\x08R\x8bT$\x0c\x89T$\x08\xc7D$\x0c\x10T\x88\x00\xc7D$\x040B@\x00Z\xc3 ProcessHandle => 0x000001b0 BaseAddress => 0x00885410 |
SUCCESS | 0x00000001 | |
| 09:16:53,496 | 468 | VirtualProtectEx |
Protection => 0x00000008 ProcessHandle => 0x000001b0 Address => 0x7c90d5f0 Size => 0x0000000c |
SUCCESS | 0x00000001 | |
| 09:16:53,496 | 468 | WriteProcessMemory |
Buffer => \xb8{\x00\x00\x00\xba(T\x88\x00\xff\xe2 ProcessHandle => 0x000001b0 BaseAddress => 0x7c90d5f0 |
SUCCESS | 0x00000001 | |
| 09:16:53,496 | 468 | VirtualProtectEx |
Protection => 0x00000020 ProcessHandle => 0x000001b0 Address => 0x7c90d5f0 Size => 0x0000000c |
SUCCESS | 0x00000001 | |
| 09:16:53,496 | 468 | ReadProcessMemory |
Buffer => \xb8\xe5\x00\x00\x00\xba\x00\x03\xfe\x7f\xff\x12\xc2\x10\x00\x90 ProcessHandle => 0x000001b0 BaseAddress => 0x7c90dc90 |
SUCCESS | 0x00000001 | |
| 09:16:53,496 | 468 | ReadProcessMemory |
Buffer => \xf0\xe4\x90| ProcessHandle => 0x000001b0 BaseAddress => 0x7ffe0300 |
SUCCESS | 0x00000001 | |
| 09:16:53,496 | 468 | LdrGetDllHandle |
ModuleHandle => 0x7c800000 FileName => kernel32.dll |
SUCCESS | 0x00000000 | |
| 09:16:53,496 | 468 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => GetModuleHandleExW FunctionAddress => 0x7c81fca9 ModuleHandle => 0x7c800000 |
SUCCESS | 0x00000000 | |
| 09:16:53,496 | 468 | LdrGetDllHandle |
ModuleHandle => 0x7c800000 FileName => kernel32.dll |
SUCCESS | 0x00000000 | |
| 09:16:53,496 | 468 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => GetModuleHandleExW FunctionAddress => 0x7c81fca9 ModuleHandle => 0x7c800000 |
SUCCESS | 0x00000000 | |
| 09:16:53,496 | 468 | WriteProcessMemory |
Buffer => \xb8\xe5\x00\x00\x00\xba\x00\x03\xfe\x7f\xff\x12\xc2\x10\x00\x90\x00\x00\x00\x00\x00\x00\x00\x00\x83\xec\x08R\x8bT$\x0c\x89T$\x08\xc7D$\x0cPT\x88\x00\xc7D$\x04PJA\x00Z\xc3 ProcessHandle => 0x000001b0 BaseAddress => 0x00885450 |
SUCCESS | 0x00000001 | |
| 09:16:53,496 | 468 | VirtualProtectEx |
Protection => 0x00000008 ProcessHandle => 0x000001b0 Address => 0x7c90dc90 Size => 0x0000000c |
SUCCESS | 0x00000001 | |
| 09:16:53,496 | 468 | WriteProcessMemory |
Buffer => \xb8\xe5\x00\x00\x00\xbahT\x88\x00\xff\xe2 ProcessHandle => 0x000001b0 BaseAddress => 0x7c90dc90 |
SUCCESS | 0x00000001 | |
| 09:16:53,496 | 468 | VirtualProtectEx |
Protection => 0x00000020 ProcessHandle => 0x000001b0 Address => 0x7c90dc90 Size => 0x0000000c |
SUCCESS | 0x00000001 | |
| 09:16:53,496 | 468 | ReadProcessMemory |
Buffer => \xb8\x81\x00\x00\x00\xba\x00\x03\xfe\x7f\xff\x12\xc2\x10\x00\x90 ProcessHandle => 0x000001b0 BaseAddress => 0x7c90d650 |
SUCCESS | 0x00000001 | |
| 09:16:53,496 | 468 | ReadProcessMemory |
Buffer => \xf0\xe4\x90| ProcessHandle => 0x000001b0 BaseAddress => 0x7ffe0300 |
SUCCESS | 0x00000001 | |
| 09:16:53,496 | 468 | LdrGetDllHandle |
ModuleHandle => 0x7c800000 FileName => kernel32.dll |
SUCCESS | 0x00000000 | |
| 09:16:53,496 | 468 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => GetModuleHandleExW FunctionAddress => 0x7c81fca9 ModuleHandle => 0x7c800000 |
SUCCESS | 0x00000000 | |
| 09:16:53,496 | 468 | LdrGetDllHandle |
ModuleHandle => 0x7c800000 FileName => kernel32.dll |
SUCCESS | 0x00000000 | |
| 09:16:53,496 | 468 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => GetModuleHandleExW FunctionAddress => 0x7c81fca9 ModuleHandle => 0x7c800000 |
SUCCESS | 0x00000000 | |
| 09:16:53,496 | 468 | WriteProcessMemory |
Buffer => \xb8\x81\x00\x00\x00\xba\x00\x03\xfe\x7f\xff\x12\xc2\x10\x00\x90\x00\x00\x00\x00\x00\x00\x00\x00\x83\xec\x08R\x8bT$\x0c\x89T$\x08\xc7D$\x0c\x90T\x88\x00\xc7D$\x04\xd05A\x00Z\xc3 ProcessHandle => 0x000001b0 BaseAddress => 0x00885490 |
SUCCESS | 0x00000001 | |
| 09:16:53,496 | 468 | VirtualProtectEx |
Protection => 0x00000008 ProcessHandle => 0x000001b0 Address => 0x7c90d650 Size => 0x0000000c |
SUCCESS | 0x00000001 | |
| 09:16:53,496 | 468 | WriteProcessMemory |
Buffer => \xb8\x81\x00\x00\x00\xba\xa8T\x88\x00\xff\xe2 ProcessHandle => 0x000001b0 BaseAddress => 0x7c90d650 |
SUCCESS | 0x00000001 | |
| 09:16:53,496 | 468 | VirtualProtectEx |
Protection => 0x00000020 ProcessHandle => 0x000001b0 Address => 0x7c90d650 Size => 0x0000000c |
SUCCESS | 0x00000001 | |
| 09:16:53,496 | 468 | ReadProcessMemory |
Buffer => \xb8|\x00\x00\x00\xba\x00\x03\xfe\x7f\xff\x12\xc2\x10\x00\x90 ProcessHandle => 0x000001b0 BaseAddress => 0x7c90d600 |
SUCCESS | 0x00000001 | |
| 09:16:53,496 | 468 | ReadProcessMemory |
Buffer => \xf0\xe4\x90| ProcessHandle => 0x000001b0 BaseAddress => 0x7ffe0300 |
SUCCESS | 0x00000001 | |
| 09:16:53,496 | 468 | LdrGetDllHandle |
ModuleHandle => 0x7c800000 FileName => kernel32.dll |
SUCCESS | 0x00000000 | |
| 09:16:53,496 | 468 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => GetModuleHandleExW FunctionAddress => 0x7c81fca9 ModuleHandle => 0x7c800000 |
SUCCESS | 0x00000000 | |
| 09:16:53,496 | 468 | LdrGetDllHandle |
ModuleHandle => 0x7c800000 FileName => kernel32.dll |
SUCCESS | 0x00000000 | |
| 09:16:53,496 | 468 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => GetModuleHandleExW FunctionAddress => 0x7c81fca9 ModuleHandle => 0x7c800000 |
SUCCESS | 0x00000000 | |
| 09:16:53,496 | 468 | WriteProcessMemory |
Buffer => \xb8|\x00\x00\x00\xba\x00\x03\xfe\x7f\xff\x12\xc2\x10\x00\x90\x00\x00\x00\x00\x00\x00\x00\x00\x83\xec\x08R\x8bT$\x0c\x89T$\x08\xc7D$\x0c\xd0T\x88\x00\xc7D$\x04\x00\x99A\x00Z\xc3 ProcessHandle => 0x000001b0 BaseAddress => 0x008854d0 |
SUCCESS | 0x00000001 | |
| 09:16:53,496 | 468 | VirtualProtectEx |
Protection => 0x00000008 ProcessHandle => 0x000001b0 Address => 0x7c90d600 Size => 0x0000000c |
SUCCESS | 0x00000001 | |
| 09:16:53,496 | 468 | WriteProcessMemory |
Buffer => \xb8|\x00\x00\x00\xba\xe8T\x88\x00\xff\xe2 ProcessHandle => 0x000001b0 BaseAddress => 0x7c90d600 |
SUCCESS | 0x00000001 | |
| 09:16:53,496 | 468 | VirtualProtectEx |
Protection => 0x00000020 ProcessHandle => 0x000001b0 Address => 0x7c90d600 Size => 0x0000000c |
SUCCESS | 0x00000001 | |
| 09:16:53,496 | 468 | ReadProcessMemory |
Buffer => \xb8\x82\x00\x00\x00\xba\x00\x03\xfe\x7f\xff\x12\xc2\x14\x00\x90 ProcessHandle => 0x000001b0 BaseAddress => 0x7c90d660 |
SUCCESS | 0x00000001 | |
| 09:16:53,496 | 468 | ReadProcessMemory |
Buffer => \xf0\xe4\x90| ProcessHandle => 0x000001b0 BaseAddress => 0x7ffe0300 |
SUCCESS | 0x00000001 | |
| 09:16:53,496 | 468 | LdrGetDllHandle |
ModuleHandle => 0x7c800000 FileName => kernel32.dll |
SUCCESS | 0x00000000 | |
| 09:16:53,496 | 468 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => GetModuleHandleExW FunctionAddress => 0x7c81fca9 ModuleHandle => 0x7c800000 |
SUCCESS | 0x00000000 | |
| 09:16:53,496 | 468 | LdrGetDllHandle |
ModuleHandle => 0x7c800000 FileName => kernel32.dll |
SUCCESS | 0x00000000 | |
| 09:16:53,496 | 468 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => GetModuleHandleExW FunctionAddress => 0x7c81fca9 ModuleHandle => 0x7c800000 |
SUCCESS | 0x00000000 | |
| 09:16:53,496 | 468 | WriteProcessMemory |
Buffer => \xb8\x82\x00\x00\x00\xba\x00\x03\xfe\x7f\xff\x12\xc2\x14\x00\x90\x00\x00\x00\x00\x00\x00\x00\x00\x83\xec\x08R\x8bT$\x0c\x89T$\x08\xc7D$\x0c\x10U\x88\x00\xc7D$\x04\xf0C@\x00Z\xc3 ProcessHandle => 0x000001b0 BaseAddress => 0x00885510 |
SUCCESS | 0x00000001 | |
| 09:16:53,496 | 468 | VirtualProtectEx |
Protection => 0x00000008 ProcessHandle => 0x000001b0 Address => 0x7c90d660 Size => 0x0000000c |
SUCCESS | 0x00000001 | |
| 09:16:53,496 | 468 | WriteProcessMemory |
Buffer => \xb8\x82\x00\x00\x00\xba(U\x88\x00\xff\xe2 ProcessHandle => 0x000001b0 BaseAddress => 0x7c90d660 |
SUCCESS | 0x00000001 | |
| 09:16:53,496 | 468 | VirtualProtectEx |
Protection => 0x00000020 ProcessHandle => 0x000001b0 Address => 0x7c90d660 Size => 0x0000000c |
SUCCESS | 0x00000001 | |
| 09:16:53,496 | 468 | ReadProcessMemory |
Buffer => \xb8\x08\x00\x00\x00\xba\x00\x03\xfe\x7f\xff\x12\xc2\x0c\x00\x90 ProcessHandle => 0x000001b0 BaseAddress => 0x7c90cec0 |
SUCCESS | 0x00000001 | |
| 09:16:53,496 | 468 | ReadProcessMemory |
Buffer => \xf0\xe4\x90| ProcessHandle => 0x000001b0 BaseAddress => 0x7ffe0300 |
SUCCESS | 0x00000001 | |
| 09:16:53,496 | 468 | LdrGetDllHandle |
ModuleHandle => 0x7c800000 FileName => kernel32.dll |
SUCCESS | 0x00000000 | |
| 09:16:53,496 | 468 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => GetModuleHandleExW FunctionAddress => 0x7c81fca9 ModuleHandle => 0x7c800000 |
SUCCESS | 0x00000000 | |
| 09:16:53,496 | 468 | LdrGetDllHandle |
ModuleHandle => 0x7c800000 FileName => kernel32.dll |
SUCCESS | 0x00000000 | |
| 09:16:53,496 | 468 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => GetModuleHandleExW FunctionAddress => 0x7c81fca9 ModuleHandle => 0x7c800000 |
SUCCESS | 0x00000000 | |
| 09:16:53,496 | 468 | WriteProcessMemory |
Buffer => \xb8\x08\x00\x00\x00\xba\x00\x03\xfe\x7f\xff\x12\xc2\x0c\x00\x90\x00\x00\x00\x00\x00\x00\x00\x00\x83\xec\x08R\x8bT$\x0c\x89T$\x08\xc7D$\x0cPU\x88\x00\xc7D$\x04\x80#A\x00Z\xc3 ProcessHandle => 0x000001b0 BaseAddress => 0x00885550 |
SUCCESS | 0x00000001 | |
| 09:16:53,496 | 468 | VirtualProtectEx |
Protection => 0x00000008 ProcessHandle => 0x000001b0 Address => 0x7c90cec0 Size => 0x0000000c |
SUCCESS | 0x00000001 | |
| 09:16:53,496 | 468 | WriteProcessMemory |
Buffer => \xb8\x08\x00\x00\x00\xbahU\x88\x00\xff\xe2 ProcessHandle => 0x000001b0 BaseAddress => 0x7c90cec0 |
SUCCESS | 0x00000001 | |
| 09:16:53,496 | 468 | VirtualProtectEx |
Protection => 0x00000020 ProcessHandle => 0x000001b0 Address => 0x7c90cec0 Size => 0x0000000c |
SUCCESS | 0x00000001 | |
| 09:16:53,496 | 468 | ReadProcessMemory |
Buffer => \xb8L\x00\x00\x00\xba\x00\x03\xfe\x7f\xff\x12\xc2\x0c\x00\x90 ProcessHandle => 0x000001b0 BaseAddress => 0x7c90d300 |
SUCCESS | 0x00000001 | |
| 09:16:53,496 | 468 | ReadProcessMemory |
Buffer => \xf0\xe4\x90| ProcessHandle => 0x000001b0 BaseAddress => 0x7ffe0300 |
SUCCESS | 0x00000001 | |
| 09:16:53,496 | 468 | LdrGetDllHandle |
ModuleHandle => 0x7c800000 FileName => kernel32.dll |
SUCCESS | 0x00000000 | |
| 09:16:53,496 | 468 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => GetModuleHandleExW FunctionAddress => 0x7c81fca9 ModuleHandle => 0x7c800000 |
SUCCESS | 0x00000000 | |
| 09:16:53,496 | 468 | LdrGetDllHandle |
ModuleHandle => 0x7c800000 FileName => kernel32.dll |
SUCCESS | 0x00000000 | |
| 09:16:53,496 | 468 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => GetModuleHandleExW FunctionAddress => 0x7c81fca9 ModuleHandle => 0x7c800000 |
SUCCESS | 0x00000000 | |
| 09:16:53,496 | 468 | WriteProcessMemory |
Buffer => \xb8L\x00\x00\x00\xba\x00\x03\xfe\x7f\xff\x12\xc2\x0c\x00\x90\x00\x00\x00\x00\x00\x00\x00\x00\x83\xec\x08R\x8bT$\x0c\x89T$\x08\xc7D$\x0c\x90U\x88\x00\xc7D$\x04\xa0\xf4A\x00Z\xc3 ProcessHandle => 0x000001b0 BaseAddress => 0x00885590 |
SUCCESS | 0x00000001 | |
| 09:16:53,496 | 468 | VirtualProtectEx |
Protection => 0x00000008 ProcessHandle => 0x000001b0 Address => 0x7c90d300 Size => 0x0000000c |
SUCCESS | 0x00000001 | |
| 09:16:53,496 | 468 | WriteProcessMemory |
Buffer => \xb8L\x00\x00\x00\xba\xa8U\x88\x00\xff\xe2 ProcessHandle => 0x000001b0 BaseAddress => 0x7c90d300 |
SUCCESS | 0x00000001 | |
| 09:16:53,496 | 468 | VirtualProtectEx |
Protection => 0x00000020 ProcessHandle => 0x000001b0 Address => 0x7c90d300 Size => 0x0000000c |
SUCCESS | 0x00000001 | |
| 09:16:53,496 | 468 | ReadProcessMemory |
Buffer => \xb8<\x00\x00\x00\xba\x00\x03\xfe\x7f\xff\x12\xc2\x04\x00\x90 ProcessHandle => 0x000001b0 BaseAddress => 0x7c90d200 |
SUCCESS | 0x00000001 | |
| 09:16:53,496 | 468 | ReadProcessMemory |
Buffer => \xf0\xe4\x90| ProcessHandle => 0x000001b0 BaseAddress => 0x7ffe0300 |
SUCCESS | 0x00000001 | |
| 09:16:53,496 | 468 | LdrGetDllHandle |
ModuleHandle => 0x7c800000 FileName => kernel32.dll |
SUCCESS | 0x00000000 | |
| 09:16:53,496 | 468 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => GetModuleHandleExW FunctionAddress => 0x7c81fca9 ModuleHandle => 0x7c800000 |
SUCCESS | 0x00000000 | |
| 09:16:53,496 | 468 | LdrGetDllHandle |
ModuleHandle => 0x7c800000 FileName => kernel32.dll |
SUCCESS | 0x00000000 | |
| 09:16:53,496 | 468 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => GetModuleHandleExW FunctionAddress => 0x7c81fca9 ModuleHandle => 0x7c800000 |
SUCCESS | 0x00000000 | |
| 09:16:53,496 | 468 | WriteProcessMemory |
Buffer => \xb8<\x00\x00\x00\xba\x00\x03\xfe\x7f\xff\x12\xc2\x04\x00\x90\x00\x00\x00\x00\x00\x00\x00\x00\x83\xec\x08R\x8bT$\x0c\x89T$\x08\xc7D$\x0c\xd0U\x88\x00\xc7D$\x04\x80\x7fN\x00Z\xc3 ProcessHandle => 0x000001b0 BaseAddress => 0x008855d0 |
SUCCESS | 0x00000001 | |
| 09:16:53,496 | 468 | VirtualProtectEx |
Protection => 0x00000008 ProcessHandle => 0x000001b0 Address => 0x7c90d200 Size => 0x0000000c |
SUCCESS | 0x00000001 | |
| 09:16:53,496 | 468 | WriteProcessMemory |
Buffer => \xb8<\x00\x00\x00\xba\xe8U\x88\x00\xff\xe2 ProcessHandle => 0x000001b0 BaseAddress => 0x7c90d200 |
SUCCESS | 0x00000001 | |
| 09:16:53,496 | 468 | VirtualProtectEx |
Protection => 0x00000020 ProcessHandle => 0x000001b0 Address => 0x7c90d200 Size => 0x0000000c |
SUCCESS | 0x00000001 | |
| 09:16:53,496 | 468 | ReadProcessMemory |
Buffer => \xb8\x96\x00\x00\x00\xba\x00\x03\xfe\x7f\xff\x12\xc2\x14\x00\x90 ProcessHandle => 0x000001b0 BaseAddress => 0x7c90d7a0 |
SUCCESS | 0x00000001 | |
| 09:16:53,496 | 468 | ReadProcessMemory |
Buffer => \xf0\xe4\x90| ProcessHandle => 0x000001b0 BaseAddress => 0x7ffe0300 |
SUCCESS | 0x00000001 | |
| 09:16:53,496 | 468 | LdrGetDllHandle |
ModuleHandle => 0x7c800000 FileName => kernel32.dll |
SUCCESS | 0x00000000 | |
| 09:16:53,496 | 468 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => GetModuleHandleExW FunctionAddress => 0x7c81fca9 ModuleHandle => 0x7c800000 |
SUCCESS | 0x00000000 | |
| 09:16:53,496 | 468 | LdrGetDllHandle |
ModuleHandle => 0x7c800000 FileName => kernel32.dll |
SUCCESS | 0x00000000 | |
| 09:16:53,496 | 468 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => GetModuleHandleExW FunctionAddress => 0x7c81fca9 ModuleHandle => 0x7c800000 |
SUCCESS | 0x00000000 | |
| 09:16:53,496 | 468 | WriteProcessMemory |
Buffer => \xb8\x96\x00\x00\x00\xba\x00\x03\xfe\x7f\xff\x12\xc2\x14\x00\x90\x00\x00\x00\x00\x00\x00\x00\x00\x83\xec\x08R\x8bT$\x0c\x89T$\x08\xc7D$\x0c\x10V\x88\x00\xc7D$\x04p\x80N\x00Z\xc3 ProcessHandle => 0x000001b0 BaseAddress => 0x00885610 |
SUCCESS | 0x00000001 | |
| 09:16:53,496 | 468 | VirtualProtectEx |
Protection => 0x00000008 ProcessHandle => 0x000001b0 Address => 0x7c90d7a0 Size => 0x0000000c |
SUCCESS | 0x00000001 | |
| 09:16:53,496 | 468 | WriteProcessMemory |
Buffer => \xb8\x96\x00\x00\x00\xba(V\x88\x00\xff\xe2 ProcessHandle => 0x000001b0 BaseAddress => 0x7c90d7a0 |
SUCCESS | 0x00000001 | |
| 09:16:53,496 | 468 | VirtualProtectEx |
Protection => 0x00000020 ProcessHandle => 0x000001b0 Address => 0x7c90d7a0 Size => 0x0000000c |
SUCCESS | 0x00000001 | |
| 09:16:53,496 | 468 | ReadProcessMemory |
Buffer => \xb8l\x00\x00\x00\xba\x00\x03\xfe\x7f\xff\x12\xc2(\x00\x90 ProcessHandle => 0x000001b0 BaseAddress => 0x7c90d500 |
SUCCESS | 0x00000001 | |
| 09:16:53,496 | 468 | ReadProcessMemory |
Buffer => \xf0\xe4\x90| ProcessHandle => 0x000001b0 BaseAddress => 0x7ffe0300 |
SUCCESS | 0x00000001 | |
| 09:16:53,496 | 468 | LdrGetDllHandle |
ModuleHandle => 0x7c800000 FileName => kernel32.dll |
SUCCESS | 0x00000000 | |
| 09:16:53,496 | 468 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => GetModuleHandleExW FunctionAddress => 0x7c81fca9 ModuleHandle => 0x7c800000 |
SUCCESS | 0x00000000 | |
| 09:16:53,496 | 468 | LdrGetDllHandle |
ModuleHandle => 0x7c800000 FileName => kernel32.dll |
SUCCESS | 0x00000000 | |
| 09:16:53,496 | 468 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => GetModuleHandleExW FunctionAddress => 0x7c81fca9 ModuleHandle => 0x7c800000 |
SUCCESS | 0x00000000 | |
| 09:16:53,496 | 468 | WriteProcessMemory |
Buffer => \xb8l\x00\x00\x00\xba\x00\x03\xfe\x7f\xff\x12\xc2(\x00\x90\x00\x00\x00\x00\x00\x00\x00\x00\x83\xec\x08R\x8bT$\x0c\x89T$\x08\xc7D$\x0cPV\x88\x00\xc7D$\x04\x80\x14@\x00Z\xc3 ProcessHandle => 0x000001b0 BaseAddress => 0x00885650 |
SUCCESS | 0x00000001 | |
| 09:16:53,496 | 468 | VirtualProtectEx |
Protection => 0x00000008 ProcessHandle => 0x000001b0 Address => 0x7c90d500 Size => 0x0000000c |
SUCCESS | 0x00000001 | |
| 09:16:53,496 | 468 | WriteProcessMemory |
Buffer => \xb8l\x00\x00\x00\xbahV\x88\x00\xff\xe2 ProcessHandle => 0x000001b0 BaseAddress => 0x7c90d500 |
SUCCESS | 0x00000001 | |
| 09:16:53,496 | 468 | VirtualProtectEx |
Protection => 0x00000020 ProcessHandle => 0x000001b0 Address => 0x7c90d500 Size => 0x0000000c |
SUCCESS | 0x00000001 | |
| 09:16:53,496 | 468 | ReadProcessMemory |
Buffer => \xb8\x0b\x01\x00\x00\xba\x00\x03\xfe\x7f\xff\x12\xc2\x08\x00\x90 ProcessHandle => 0x000001b0 BaseAddress => 0x7c90def0 |
SUCCESS | 0x00000001 | |
| 09:16:53,496 | 468 | ReadProcessMemory |
Buffer => \xf0\xe4\x90| ProcessHandle => 0x000001b0 BaseAddress => 0x7ffe0300 |
SUCCESS | 0x00000001 | |
| 09:16:53,496 | 468 | LdrGetDllHandle |
ModuleHandle => 0x7c800000 FileName => kernel32.dll |
SUCCESS | 0x00000000 | |
| 09:16:53,496 | 468 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => GetModuleHandleExW FunctionAddress => 0x7c81fca9 ModuleHandle => 0x7c800000 |
SUCCESS | 0x00000000 | |
| 09:16:53,496 | 468 | LdrGetDllHandle |
ModuleHandle => 0x7c800000 FileName => kernel32.dll |
SUCCESS | 0x00000000 | |
| 09:16:53,496 | 468 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => GetModuleHandleExW FunctionAddress => 0x7c81fca9 ModuleHandle => 0x7c800000 |
SUCCESS | 0x00000000 | |
| 09:16:53,496 | 468 | WriteProcessMemory |
Buffer => \xb8\x0b\x01\x00\x00\xba\x00\x03\xfe\x7f\xff\x12\xc2\x08\x00\x90\x00\x00\x00\x00\x00\x00\x00\x00\x83\xec\x08R\x8bT$\x0c\x89T$\x08\xc7D$\x0c\x90V\x88\x00\xc7D$\x04pI@\x00Z\xc3 ProcessHandle => 0x000001b0 BaseAddress => 0x00885690 |
SUCCESS | 0x00000001 | |
| 09:16:53,496 | 468 | VirtualProtectEx |
Protection => 0x00000008 ProcessHandle => 0x000001b0 Address => 0x7c90def0 Size => 0x0000000c |
SUCCESS | 0x00000001 | |
| 09:16:53,496 | 468 | WriteProcessMemory |
Buffer => \xb8\x0b\x01\x00\x00\xba\xa8V\x88\x00\xff\xe2 ProcessHandle => 0x000001b0 BaseAddress => 0x7c90def0 |
SUCCESS | 0x00000001 | |
| 09:16:53,496 | 468 | VirtualProtectEx |
Protection => 0x00000020 ProcessHandle => 0x000001b0 Address => 0x7c90def0 Size => 0x0000000c |
SUCCESS | 0x00000001 | |
| 09:16:53,496 | 468 | WriteProcessMemory |
Buffer => \x10\x07\x00\x00\xd0\x06\x00\x00\x8c\xf7\x12\x00\x1b\x00\x00\x00 ProcessHandle => 0x000001b0 BaseAddress => 0x00885000 |
SUCCESS | 0x00000001 | |
| 09:16:53,496 | 468 | VirtualProtectEx |
Protection => 0x00000020 ProcessHandle => 0x000001b0 Address => 0x00885000 Size => 0x00000710 |
SUCCESS | 0x00000001 | |
| 09:16:53,496 | 468 | WriteProcessMemory |
Buffer => PV\x88\x00\x90V\x88\x00PT\x88\x00\x90T\x88\x00\x10U\x88\x00\x90S\x88\x00\xd0S\x88\x00\x10T\x88\x00\xd0T\x88\x00\x10P\x88\x00PP\x88\x00\x90P\x88\x00\xd0P\x88\x00\x10Q\x88\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xd0Q\x88\x00\x10R\x88\x00\x00\x00\x00\x00PQ\x88\x00\x90Q\x88\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00PR\x88\x00\x90R\x88\x00\xd0R\x88\x00\x10S\x88\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 ProcessHandle => 0x000001b0 BaseAddress => 0x0053f598 |
SUCCESS | 0x00000001 | |
| 09:16:53,496 | 468 | WriteProcessMemory |
Buffer => \x00\x00\x87\x00 ProcessHandle => 0x000001b0 BaseAddress => 0x0053fa74 |
SUCCESS | 0x00000001 | |
| 09:16:53,506 | 468 | LdrGetDllHandle |
ModuleHandle => 0x7c900000 FileName => ntdll.dll |
SUCCESS | 0x00000000 | |
| 09:16:53,506 | 468 | LdrGetDllHandle |
ModuleHandle => 0x7c800000 FileName => kernel32.dll |
SUCCESS | 0x00000000 | |
| 09:16:53,506 | 468 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => GetModuleHandleExW FunctionAddress => 0x7c81fca9 ModuleHandle => 0x7c800000 |
SUCCESS | 0x00000000 | |
| 09:16:53,506 | 468 | WriteProcessMemory |
Buffer => P\xcf\x90|\xd0\xcf\x90|\x80\xd2\x90|p\xd3\x90|\x00\xd5\x90|\xd0\xd6\x90|\xe0\xd7\x90|p\xd8\x90|\xb0\xd8\x90|`\xd9\x90|\xf0\xde\x90|\xa4\x00\x91|\x1b\xeb\x90|\x88y\x91|b\\x92|j\xdf\x92|\xced\x92|\x0a\xff\x90|}\x98\x91|E&\x90|*\xfe\x90|\xf0\xd7\x90|\x90\xd0\x90|@\xdc\x90|\xf0\xd6\x90|\x90\xd7\x90|\xb0\xd5\x90|\xd0\xd0\x90|P\xd2\x90|\xf0\xd0\x90|\xc0\xd5\x90|`\xd1\x90|\x10\xd6\x90|\xc0\xce\x90|\x00\xd3\x90|\x00\xd2\x90|\xa0\xd7\x90|@\xd6\x90|\xe0\xd5\x90|\xf0\xd5\x90|\x00\xd6\x90| ProcessHandle => 0x000001b0 BaseAddress => 0x0053f4b8 |
SUCCESS | 0x00000001 | |
| 09:16:53,506 | 468 | NtCreateSection |
ObjectAttributes => DesiredAccess => 0x000f0007 SectionHandle => 0x000001a4 FileHandle => 0x00000000 |
SUCCESS | 0x00000000 | |
| 09:16:53,506 | 468 | ZwMapViewOfSection |
SectionOffset => 0x0012f7b4 SectionHandle => 0x000001a4 ProcessHandle => 0xffffffff BaseAddress => 0x019c0000 |
SUCCESS | 0x00000000 | |
| 09:16:53,506 | 468 | WriteProcessMemory |
Buffer => \x0c\x00\x00\x00 ProcessHandle => 0x000001b0 BaseAddress => 0x0053f4ac |
SUCCESS | 0x00000001 | |
| 09:16:53,506 | 468 | WriteProcessMemory |
Buffer => \x00\x00 \x00 ProcessHandle => 0x000001b0 BaseAddress => 0x0053f560 |
SUCCESS | 0x00000001 | |
| 09:16:53,506 | 468 | WriteProcessMemory |
Buffer => \x00\x00\x00\x00 ProcessHandle => 0x000001b0 BaseAddress => 0x0053f564 |
SUCCESS | 0x00000001 | |
| 09:16:53,506 | 468 | NtCreateMutant |
Handle => 0x00000198 InitialOwner => 1 MutexName => |
SUCCESS | 0x00000000 | |
| 09:16:53,506 | 468 | CreateRemoteThread |
Parameter => 0x00000000 ProcessHandle => 0xffffffff ThreadId => 0 StartRoutine => 0x7c927ebb CreationFlags => 4 |
SUCCESS | 0x000001c8 | |
| 09:16:53,506 | 468 | NtResumeThread |
SuspendCount => 1 ThreadHandle => 0x000001c8 |
SUCCESS | 0x00000000 | |
| 09:16:53,506 | 1380 | NtDelayExecution |
Milliseconds => 1566804069 |
SUCCESS | 0x00000000 | |
| 09:16:53,506 | 468 | CreateRemoteThread |
Parameter => 0x00000000 ProcessHandle => 0xffffffff ThreadId => 0 StartRoutine => 0x7c910230 CreationFlags => 4 |
SUCCESS | 0x000001d0 | |
| 09:16:53,516 | 468 | NtResumeThread |
SuspendCount => 1 ThreadHandle => 0x000001d0 |
SUCCESS | 0x00000000 | |
| 09:16:53,516 | 468 | CreateRemoteThread |
Parameter => 0x00000000 ProcessHandle => 0xffffffff ThreadId => 0 StartRoutine => 0x7c929b6f CreationFlags => 4 |
SUCCESS | 0x000001dc | |
| 09:16:53,516 | 468 | NtResumeThread |
SuspendCount => 1 ThreadHandle => 0x000001dc |
SUCCESS | 0x00000000 | |
| 09:16:53,516 | 468 | WriteProcessMemory |
Buffer => \x04\x00\x00\x00 ProcessHandle => 0x000001b0 BaseAddress => 0x0053aae8 |
SUCCESS | 0x00000001 | |
| 09:16:53,516 | 468 | NtOpenFile |
ShareAccess => 3 FileName => C:\WINDOWS\system32 DesiredAccess => 0x00100020 FileHandle => 0x00000250 |
SUCCESS | 0x00000000 | |
| 09:16:53,526 | 468 | NtResumeThread |
SuspendCount => 1 ThreadHandle => 0x0000019c |
SUCCESS | 0x00000000 | |
| 09:16:54,297 | 1664 | CreateRemoteThread |
Parameter => 0x00000000 ProcessHandle => 0xffffffff ThreadId => 0 StartRoutine => 0x7c910230 CreationFlags => 4 |
SUCCESS | 0x0000019c | |
| 09:16:54,297 | 1664 | NtResumeThread |
SuspendCount => 1 ThreadHandle => 0x0000019c |
SUCCESS | 0x00000000 | |
| 09:16:54,307 | 1636 | RegOpenKeyExW |
Handle => 0x0000019c Registry => 0x80000002 SubKey => System |
SUCCESS | 0x00000000 | |
| 09:16:54,317 | 1636 | RegCloseKey |
Handle => 0x0000019c |
SUCCESS | 0x00000000 | |
| 09:16:54,317 | 1636 | RegCreateKeyExW |
Handle => 0x0000019c Access => 33554432 Registry => 0x80000002 Class => SubKey => System\Acrobatbrokerserverdispatchercpp789 |
SUCCESS | 0x00000000 | |
| 09:16:54,317 | 1636 | RegCloseKey |
Handle => 0x0000019c |
SUCCESS | 0x00000000 | |
| 09:16:54,317 | 1636 | RegDeleteKeyW |
Handle => 0x80000002 SubKey => System\Acrobatbrokerserverdispatchercpp789 |
SUCCESS | 0x00000000 | |
| 09:16:54,347 | 1636 | LdrGetDllHandle |
ModuleHandle => 0x7c900000 FileName => ntdll.dll |
SUCCESS | 0x00000000 | |
| 09:16:54,347 | 1636 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => RtlInitUnicodeString FunctionAddress => 0x7c901295 ModuleHandle => 0x7c900000 |
SUCCESS | 0x00000000 | |
| 09:16:54,347 | 1636 | NtOpenKey |
DesiredAccess => 33554432 KeyHandle => 0x00000000 ObjectAttributes => Software\Adobe\Acrobat Reader\11.0\Installer\Migrated |
FAILURE | 3221225524 | |
| 09:16:54,347 | 1636 | NtCreateKey |
ObjectAttributes => Software\Adobe\Acrobat Reader\11.0\Installer\Migrated DesiredAccess => 3758293023 KeyHandle => 0x00000264 Class => |
SUCCESS | 0x00000000 | |
| 09:16:54,347 | 1636 | NtOpenKey |
DesiredAccess => 196639 KeyHandle => 0x00000264 ObjectAttributes => Software\Adobe\Acrobat Reader\11.0\Installer\Migrated |
SUCCESS | 0x00000000 | |
| 09:16:54,357 | 1636 | NtCreateKey |
ObjectAttributes => Software\Adobe\Acrobat Reader\11.0\Installer\Migrated DesiredAccess => 196639 KeyHandle => 0x00000264 Class => |
SUCCESS | 0x00000000 | |
| 09:16:54,357 | 1636 | NtOpenKey |
DesiredAccess => 33554432 KeyHandle => 0x00000000 ObjectAttributes => Language |
FAILURE | 3221225524 | |
| 09:16:54,357 | 1636 | NtCreateKey |
ObjectAttributes => Language DesiredAccess => 3758293023 KeyHandle => 0x00000268 Class => |
SUCCESS | 0x00000000 | |
| 09:16:54,357 | 1636 | NtCreateKey |
ObjectAttributes => UseMUI DesiredAccess => 196639 KeyHandle => 0x00000268 Class => |
SUCCESS | 0x00000000 | |
| 09:16:54,377 | 1636 | NtCreateKey |
ObjectAttributes => Software\Adobe\Acrobat Reader\11.0\Language\current DesiredAccess => 196639 KeyHandle => 0x00000268 Class => |
SUCCESS | 0x00000000 | |
| 09:16:54,407 | 1636 | NtCreateKey |
ObjectAttributes => Software\Adobe\Acrobat Reader\11.0\Originals DesiredAccess => 2 KeyHandle => 0x00000268 Class => |
SUCCESS | 0x00000000 | |
| 09:16:54,908 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x002021a8 | 1 time |
| 09:16:54,908 | 1636 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Local Settings\Application Data\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x00000264 |
SUCCESS | 0x00000000 | |
| 09:16:54,908 | 1636 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000268 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:16:54,908 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x002021a8 | |
| 09:16:54,918 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe |
SUCCESS | 0x002021a8 | |
| 09:16:54,918 | 1636 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x00000264 |
SUCCESS | 0x00000000 | |
| 09:16:54,918 | 1636 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000268 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:16:54,918 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x002021a8 | |
| 09:16:54,918 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe |
SUCCESS | 0x002021a8 | |
| 09:16:54,918 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe\Acrobat |
SUCCESS | 0x002021a8 | |
| 09:16:54,918 | 1636 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe\Acrobat\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x00000264 |
SUCCESS | 0x00000000 | |
| 09:16:54,918 | 1636 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000268 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:16:54,928 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x002021a8 | |
| 09:16:54,928 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe |
SUCCESS | 0x002021a8 | |
| 09:16:54,928 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe\Acrobat |
SUCCESS | 0x002021a8 | |
| 09:16:54,928 | 1636 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe\Acrobat\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x00000264 |
SUCCESS | 0x00000000 | |
| 09:16:54,928 | 1636 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000268 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:16:54,928 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x002021a8 | |
| 09:16:54,928 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe |
SUCCESS | 0x002021a8 | |
| 09:16:54,928 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe\Acrobat |
SUCCESS | 0x002021a8 | |
| 09:16:54,938 | 1636 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe\Acrobat\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x00000264 |
SUCCESS | 0x00000000 | |
| 09:16:54,938 | 1636 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000268 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:16:55,108 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x002021a8 | |
| 09:16:55,108 | 1636 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x00000264 |
SUCCESS | 0x00000000 | |
| 09:16:55,108 | 1636 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000268 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:16:55,108 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x002021a8 | |
| 09:16:55,108 | 1636 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Local Settings\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x00000264 |
SUCCESS | 0x00000000 | |
| 09:16:55,118 | 1636 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000268 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:16:55,118 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x002021a8 | |
| 09:16:55,118 | 1636 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Local Settings\Application Data\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x00000264 |
SUCCESS | 0x00000000 | |
| 09:16:55,118 | 1636 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000268 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:16:55,959 | 1636 | NtCreateKey |
ObjectAttributes => Software\Adobe\Acrobat Reader\11.0\ExitSection DesiredAccess => 2 KeyHandle => 0x00000268 Class => |
SUCCESS | 0x00000000 | |
| 09:16:56,160 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x002021a8 | |
| 09:16:56,160 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe |
SUCCESS | 0x002021a8 | |
| 09:16:56,160 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x002021a8 | |
| 09:16:56,160 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe |
SUCCESS | 0x002021a8 | |
| 09:16:56,160 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe\Color |
SUCCESS | 0x002021a8 | |
| 09:16:56,170 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x002021a8 | |
| 09:16:56,170 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe |
SUCCESS | 0x002021a8 | |
| 09:16:56,170 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe\Color |
SUCCESS | 0x002021a8 | |
| 09:16:56,170 | 1636 | NtCreateFile |
ShareAccess => 0 FileName => C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe\Color\ACECache11.lst DesiredAccess => 0x00120196 CreateDisposition => 5 FileHandle => 0x00000264 |
SUCCESS | 0x00000000 | |
| 09:16:56,180 | 1636 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000268 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:16:56,180 | 1636 | NtQueryInformationFile |
FileHandle => 0x00000264 FileInformation => \xc0\xd0e\x8c\x8a\xa2\xcf\x01\xc0\xd0e\x8c\x8a\xa2\xcf\x01\xc0\xd0e\x8c\x8a\xa2\xcf\x01\xc0\xd0e\x8c\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00:L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x96\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\xac\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:16:56,240 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x002021a8 | 1 time |
| 09:16:56,240 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x002021a8 | |
| 09:16:56,240 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x002021a8 | |
| 09:16:56,240 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x002021a8 | |
| 09:16:56,240 | 1636 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x00000264 |
SUCCESS | 0x00000000 | |
| 09:16:56,240 | 1636 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000268 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:16:56,250 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x002021a8 | |
| 09:16:56,250 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x002021a8 | |
| 09:16:56,250 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x002021a8 | |
| 09:16:56,250 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x002021a8 | |
| 09:16:56,250 | 1636 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x00000264 |
SUCCESS | 0x00000000 | |
| 09:16:56,260 | 1636 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000268 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:16:56,270 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x002021a8 | |
| 09:16:56,270 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x002021a8 | |
| 09:16:56,270 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x002021a8 | |
| 09:16:56,270 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x002021a8 | |
| 09:16:56,270 | 1636 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x00000264 |
SUCCESS | 0x00000000 | |
| 09:16:56,280 | 1636 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000268 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:16:56,360 | 1636 | NtCreateKey |
ObjectAttributes => Software\Adobe\Acrobat Reader\11.0\ServicesRdr DesiredAccess => 196639 KeyHandle => 0x00000268 Class => |
SUCCESS | 0x00000000 | |
| 09:16:56,370 | 1636 | NtCreateKey |
ObjectAttributes => cInstallTypes DesiredAccess => 196639 KeyHandle => 0x00000268 Class => |
SUCCESS | 0x00000000 | |
| 09:16:56,440 | 1636 | NtCreateKey |
ObjectAttributes => Software\Adobe\Acrobat Reader\11.0\ServicesRdr DesiredAccess => 196639 KeyHandle => 0x00000268 Class => |
SUCCESS | 0x00000000 | |
| 09:16:56,440 | 1636 | NtCreateKey |
ObjectAttributes => cInstallTypes DesiredAccess => 196639 KeyHandle => 0x00000268 Class => |
SUCCESS | 0x00000000 | |
| 09:16:56,560 | 1636 | NtCreateKey |
ObjectAttributes => Software\Adobe\Acrobat Reader\11.0\ServicesRdr DesiredAccess => 196639 KeyHandle => 0x00000268 Class => |
SUCCESS | 0x00000000 | |
| 09:16:56,560 | 1636 | NtCreateKey |
ObjectAttributes => cInstallTypes DesiredAccess => 196639 KeyHandle => 0x00000268 Class => |
SUCCESS | 0x00000000 | |
| 09:16:56,700 | 1636 | NtCreateKey |
ObjectAttributes => Software\Adobe\Acrobat Reader\11.0\ServicesRdr DesiredAccess => 196639 KeyHandle => 0x00000268 Class => |
SUCCESS | 0x00000000 | |
| 09:16:56,700 | 1636 | NtCreateKey |
ObjectAttributes => cInstallData DesiredAccess => 196639 KeyHandle => 0x00000268 Class => |
SUCCESS | 0x00000000 | |
| 09:16:56,700 | 1636 | NtCreateKey |
ObjectAttributes => ccom_2E_adobe_2E_acrobat_2E_extensions_2E_files_5F_11_2E_0_2E_7_2E_0 DesiredAccess => 196639 KeyHandle => 0x00000268 Class => |
SUCCESS | 0x00000000 | |
| 09:16:56,700 | 1636 | NtCreateKey |
ObjectAttributes => Software\Adobe\Acrobat Reader\11.0\ServicesRdr DesiredAccess => 196639 KeyHandle => 0x00000268 Class => |
SUCCESS | 0x00000000 | |
| 09:16:56,710 | 1636 | NtCreateKey |
ObjectAttributes => cInstallData DesiredAccess => 196639 KeyHandle => 0x00000268 Class => |
SUCCESS | 0x00000000 | |
| 09:16:56,710 | 1636 | NtCreateKey |
ObjectAttributes => ccom_2E_adobe_2E_acrobat_2E_extensions_2E_files_5F_11_2E_0_2E_7_2E_0 DesiredAccess => 196639 KeyHandle => 0x00000268 Class => |
SUCCESS | 0x00000000 | |
| 09:16:56,710 | 1636 | NtCreateKey |
ObjectAttributes => Software\Adobe\Acrobat Reader\11.0\ServicesRdr DesiredAccess => 196639 KeyHandle => 0x00000268 Class => |
SUCCESS | 0x00000000 | |
| 09:16:56,710 | 1636 | NtCreateKey |
ObjectAttributes => cInstallTypes DesiredAccess => 196639 KeyHandle => 0x00000268 Class => |
SUCCESS | 0x00000000 | |
| 09:16:56,941 | 1636 | NtOpenKey |
DesiredAccess => 65547 KeyHandle => 0x00000268 ObjectAttributes => Software\Adobe\Adobe Synchronizer\11.0 |
SUCCESS | 0x00000000 | |
| 09:16:56,941 | 1636 | NtCreateKey |
ObjectAttributes => Software\Adobe\Adobe Synchronizer\11.0\Acrobat.com DesiredAccess => 65547 KeyHandle => 0x00000268 Class => |
SUCCESS | 0x00000000 | |
| 09:16:56,941 | 1636 | NtCreateKey |
ObjectAttributes => Software\Adobe\Adobe Synchronizer\11.0\Acrobat.com.v2 DesiredAccess => 65547 KeyHandle => 0x00000268 Class => |
SUCCESS | 0x00000000 | |
| 09:16:56,951 | 1636 | NtCreateKey |
ObjectAttributes => Software\Adobe\Adobe Synchronizer\11.0\CredentialsV2 DesiredAccess => 65547 KeyHandle => 0x00000268 Class => |
SUCCESS | 0x00000000 | |
| 09:16:57,011 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x002021a8 | |
| 09:16:57,011 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x002021a8 | |
| 09:16:57,011 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x002021a8 | |
| 09:16:57,011 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x002021a8 | |
| 09:16:57,021 | 1636 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x00000264 |
SUCCESS | 0x00000000 | |
| 09:16:57,021 | 1636 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000268 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:16:57,021 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x002021a8 | |
| 09:16:57,031 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x002021a8 | |
| 09:16:57,031 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x002021a8 | |
| 09:16:57,031 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x002021a8 | |
| 09:16:57,031 | 1636 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x00000264 |
SUCCESS | 0x00000000 | |
| 09:16:57,031 | 1636 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000268 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:16:57,031 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x002021a8 | |
| 09:16:57,031 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x002021a8 | |
| 09:16:57,031 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x002021a8 | |
| 09:16:57,031 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x002021a8 | |
| 09:16:57,031 | 1636 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x00000264 |
SUCCESS | 0x00000000 | |
| 09:16:57,031 | 1636 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000268 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:16:57,041 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x002021a8 | |
| 09:16:57,041 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x002021a8 | |
| 09:16:57,041 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x002021a8 | |
| 09:16:57,041 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x002021a8 | |
| 09:16:57,041 | 1636 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x00000264 |
SUCCESS | 0x00000000 | |
| 09:16:57,041 | 1636 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000268 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:16:57,041 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x002021a8 | |
| 09:16:57,041 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x002021a8 | |
| 09:16:57,041 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x002021a8 | |
| 09:16:57,041 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x002021a8 | |
| 09:16:57,051 | 1636 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x00000264 |
SUCCESS | 0x00000000 | |
| 09:16:57,051 | 1636 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000268 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:16:57,051 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x002021a8 | |
| 09:16:57,051 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x002021a8 | |
| 09:16:57,051 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x002021a8 | |
| 09:16:57,051 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x002021a8 | |
| 09:16:57,051 | 1636 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x00000264 |
SUCCESS | 0x00000000 | |
| 09:16:57,051 | 1636 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000268 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:16:57,051 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x002021a8 | |
| 09:16:57,051 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x002021a8 | |
| 09:16:57,051 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x002021a8 | |
| 09:16:57,051 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x002021a8 | |
| 09:16:57,061 | 1636 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x00000264 |
SUCCESS | 0x00000000 | |
| 09:16:57,061 | 1636 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000268 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:16:57,061 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x002021a8 | |
| 09:16:57,061 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x002021a8 | |
| 09:16:57,061 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x002021a8 | |
| 09:16:57,061 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x002021a8 | |
| 09:16:57,061 | 1636 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x00000264 |
SUCCESS | 0x00000000 | |
| 09:16:57,061 | 1636 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000268 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:16:58,012 | 1636 | NtOpenKey |
DesiredAccess => 131097 KeyHandle => 0x00000268 ObjectAttributes => \REGISTRY\USER\S-1-5-21-1935655697-1606980848-1060284298-1003 |
SUCCESS | 0x00000000 | |
| 09:16:58,012 | 1636 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x00000268 SubKey => SOFTWARE\Microsoft\Cryptography\Providers\Type 001 |
FAILURE | 0x00000002 | |
| 09:16:58,012 | 1636 | RegOpenKeyExA |
Handle => 0x00000268 Registry => 0x80000002 SubKey => SOFTWARE\Microsoft\Cryptography\Defaults\Provider Types\Type 001 |
SUCCESS | 0x00000000 | |
| 09:16:58,012 | 1636 | RegQueryValueExA |
Handle => 0x00000268 DataLength => 40 ValueName => Name Type => 1 |
SUCCESS | 0x00000000 | |
| 09:16:58,012 | 1636 | RegQueryValueExA |
Handle => 0x00000268 Data => Microsoft Strong Cryptographic Provider\x00 ValueName => Name |
SUCCESS | 0x00000000 | |
| 09:16:58,022 | 1636 | RegCloseKey |
Handle => 0x00000268 |
SUCCESS | 0x00000000 | |
| 09:16:58,022 | 1636 | RegOpenKeyExA |
Handle => 0x00000268 Registry => 0x80000002 SubKey => SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Strong Cryptographic Provider |
SUCCESS | 0x00000000 | |
| 09:16:58,022 | 1636 | RegQueryValueExA |
Handle => 0x00000268 Data => 1 ValueName => Type |
SUCCESS | 0x00000000 | |
| 09:16:58,022 | 1636 | RegQueryValueExA |
Handle => 0x00000268 DataLength => 11 ValueName => Image Path Type => 1 |
SUCCESS | 0x00000000 | |
| 09:16:58,022 | 1636 | RegQueryValueExA |
Handle => 0x00000268 Data => rsaenh.dll\x00 ValueName => Image Path |
SUCCESS | 0x00000000 | |
| 09:16:58,022 | 1636 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => rsaenh.dll |
FAILURE | 3221225781 | 1 time |
| 09:16:58,022 | 1636 | NtOpenKey |
DesiredAccess => 1 KeyHandle => 0x0000026c ObjectAttributes => \Registry\MACHINE\System\CurrentControlSet\Control\Session Manager |
SUCCESS | 0x00000000 | |
| 09:16:58,022 | 1636 | NtQueryValueKey |
KeyHandle => 0x0000026c ValueName => SafeProcessSearchMode |
FAILURE | 3221225524 | |
| 09:16:58,022 | 1636 | NtCreateFile |
ShareAccess => 1 FileName => C:\WINDOWS\system32\rsaenh.dll DesiredAccess => 0x80100080 CreateDisposition => 1 FileHandle => 0x0000026c |
SUCCESS | 0x00000000 | |
| 09:16:58,022 | 1636 | NtQueryInformationFile |
FileHandle => 0x0000026c FileInformation => \x000\x03\x00\x00\x00\x00\x00\x00.\x03\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 09:16:58,022 | 1636 | NtCreateSection |
ObjectAttributes => DesiredAccess => 0x000f0005 SectionHandle => 0x00000270 FileHandle => 0x0000026c |
SUCCESS | 0x00000000 | |
| 09:16:58,022 | 1636 | ZwMapViewOfSection |
SectionOffset => 0x01fbf864 SectionHandle => 0x00000270 ProcessHandle => 0xffffffff BaseAddress => 0x01fc0000 |
SUCCESS | 0x00000000 | |
| 09:16:58,022 | 1636 | NtCreateFile |
ShareAccess => 1 FileName => C:\WINDOWS\system32\rsaenh.dll DesiredAccess => 0x80100080 CreateDisposition => 1 FileHandle => 0x0000026c |
SUCCESS | 0x00000000 | |
| 09:16:58,022 | 1636 | NtCreateSection |
ObjectAttributes => DesiredAccess => 0x000f0005 SectionHandle => 0x00000270 FileHandle => 0x0000026c |
SUCCESS | 0x00000000 | |
| 09:16:58,022 | 1636 | ZwMapViewOfSection |
SectionOffset => 0x01fbf8c8 SectionHandle => 0x00000270 ProcessHandle => 0xffffffff BaseAddress => 0x01fc0000 |
SUCCESS | 0x00000000 | |
| 09:16:58,032 | 1636 | NtReadFile |
FileHandle => 0x0000026c |
SUCCESS | 0x00000000 | |
| 09:16:58,032 | 1636 | NtQueryInformationFile |
FileHandle => 0x0000026c FileInformation => P\x01\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 09:16:58,032 | 1636 | NtSetInformationFile |
FileHandle => 0x0000026c FileInformation => |
SUCCESS | 0x00000000 | |
| 09:16:58,032 | 1636 | NtReadFile |
FileHandle => 0x0000026c |
SUCCESS | 0x00000000 | |
| 09:16:58,032 | 1636 | NtReadFile |
FileHandle => 0x0000026c |
SUCCESS | 0x00000000 | |
| 09:16:58,032 | 1636 | NtReadFile |
FileHandle => 0x0000026c |
SUCCESS | 0x00000000 | |
| 09:16:58,032 | 1636 | NtReadFile |
FileHandle => 0x0000026c |
SUCCESS | 0x00000000 | |
| 09:16:58,032 | 1636 | NtReadFile |
FileHandle => 0x0000026c |
SUCCESS | 0x00000000 | |
| 09:16:58,032 | 1636 | NtReadFile |
FileHandle => 0x0000026c |
SUCCESS | 0x00000000 | |
| 09:16:58,032 | 1636 | NtReadFile |
FileHandle => 0x0000026c |
SUCCESS | 0x00000000 | |
| 09:16:58,032 | 1636 | NtReadFile |
FileHandle => 0x0000026c |
SUCCESS | 0x00000000 | |
| 09:16:58,032 | 1636 | NtReadFile |
FileHandle => 0x0000026c |
SUCCESS | 0x00000000 | |
| 09:16:58,032 | 1636 | NtReadFile |
FileHandle => 0x0000026c |
SUCCESS | 0x00000000 | |
| 09:16:58,032 | 1636 | NtReadFile |
FileHandle => 0x0000026c |
SUCCESS | 0x00000000 | |
| 09:16:58,032 | 1636 | NtReadFile |
FileHandle => 0x0000026c |
SUCCESS | 0x00000000 | |
| 09:16:58,032 | 1636 | NtReadFile |
FileHandle => 0x0000026c |
SUCCESS | 0x00000000 | |
| 09:16:58,032 | 1636 | NtReadFile |
FileHandle => 0x0000026c |
SUCCESS | 0x00000000 | |
| 09:16:58,032 | 1636 | NtReadFile |
FileHandle => 0x0000026c |
SUCCESS | 0x00000000 | |
| 09:16:58,032 | 1636 | NtReadFile |
FileHandle => 0x0000026c |
SUCCESS | 0x00000000 | |
| 09:16:58,032 | 1636 | NtReadFile |
FileHandle => 0x0000026c |
SUCCESS | 0x00000000 | |
| 09:16:58,032 | 1636 | NtReadFile |
FileHandle => 0x0000026c |
SUCCESS | 0x00000000 | |
| 09:16:58,032 | 1636 | NtReadFile |
FileHandle => 0x0000026c |
SUCCESS | 0x00000000 | |
| 09:16:58,032 | 1636 | NtReadFile |
FileHandle => 0x0000026c |
SUCCESS | 0x00000000 | |
| 09:16:58,032 | 1636 | NtReadFile |
FileHandle => 0x0000026c |
SUCCESS | 0x00000000 | |
| 09:16:58,032 | 1636 | NtReadFile |
FileHandle => 0x0000026c |
SUCCESS | 0x00000000 | |
| 09:16:58,032 | 1636 | NtReadFile |
FileHandle => 0x0000026c |
SUCCESS | 0x00000000 | |
| 09:16:58,032 | 1636 | NtReadFile |
FileHandle => 0x0000026c |
SUCCESS | 0x00000000 | |
| 09:16:58,032 | 1636 | NtReadFile |
FileHandle => 0x0000026c |
SUCCESS | 0x00000000 | |
| 09:16:58,032 | 1636 | NtReadFile |
FileHandle => 0x0000026c |
SUCCESS | 0x00000000 | |
| 09:16:58,032 | 1636 | NtReadFile |
FileHandle => 0x0000026c |
SUCCESS | 0x00000000 | |
| 09:16:58,032 | 1636 | NtReadFile |
FileHandle => 0x0000026c |
SUCCESS | 0x00000000 | |
| 09:16:58,032 | 1636 | NtReadFile |
FileHandle => 0x0000026c |
SUCCESS | 0x00000000 | |
| 09:16:58,032 | 1636 | NtReadFile |
FileHandle => 0x0000026c |
SUCCESS | 0x00000000 | |
| 09:16:58,032 | 1636 | NtReadFile |
FileHandle => 0x0000026c |
SUCCESS | 0x00000000 | |
| 09:16:58,032 | 1636 | NtReadFile |
FileHandle => 0x0000026c |
SUCCESS | 0x00000000 | |
| 09:16:58,032 | 1636 | NtReadFile |
FileHandle => 0x0000026c |
SUCCESS | 0x00000000 | |
| 09:16:58,032 | 1636 | NtReadFile |
FileHandle => 0x0000026c |
SUCCESS | 0x00000000 | |
| 09:16:58,032 | 1636 | NtReadFile |
FileHandle => 0x0000026c |
SUCCESS | 0x00000000 | |
| 09:16:58,032 | 1636 | NtReadFile |
FileHandle => 0x0000026c |
SUCCESS | 0x00000000 | |
| 09:16:58,032 | 1636 | NtReadFile |
FileHandle => 0x0000026c |
SUCCESS | 0x00000000 | |
| 09:16:58,032 | 1636 | NtReadFile |
FileHandle => 0x0000026c |
SUCCESS | 0x00000000 | |
| 09:16:58,032 | 1636 | NtReadFile |
FileHandle => 0x0000026c |
SUCCESS | 0x00000000 | |
| 09:16:58,032 | 1636 | NtReadFile |
FileHandle => 0x0000026c |
SUCCESS | 0x00000000 | |
| 09:16:58,032 | 1636 | NtReadFile |
FileHandle => 0x0000026c |
SUCCESS | 0x00000000 | |
| 09:16:58,032 | 1636 | NtReadFile |
FileHandle => 0x0000026c |
SUCCESS | 0x00000000 | |
| 09:16:58,032 | 1636 | NtReadFile |
FileHandle => 0x0000026c |
SUCCESS | 0x00000000 | |
| 09:16:58,032 | 1636 | NtReadFile |
FileHandle => 0x0000026c |
SUCCESS | 0x00000000 | |
| 09:16:58,032 | 1636 | NtReadFile |
FileHandle => 0x0000026c |
SUCCESS | 0x00000000 | |
| 09:16:58,032 | 1636 | NtReadFile |
FileHandle => 0x0000026c |
SUCCESS | 0x00000000 | |
| 09:16:58,032 | 1636 | NtReadFile |
FileHandle => 0x0000026c |
SUCCESS | 0x00000000 | |
| 09:16:58,032 | 1636 | NtReadFile |
FileHandle => 0x0000026c |
SUCCESS | 0x00000000 | |
| 09:16:58,032 | 1636 | NtReadFile |
FileHandle => 0x0000026c |
SUCCESS | 0x00000000 | |
| 09:16:58,032 | 1636 | NtQueryInformationFile |
FileHandle => 0x0000026c FileInformation => \xd0\x10\x03\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 09:16:58,032 | 1636 | NtSetInformationFile |
FileHandle => 0x0000026c FileInformation => |
SUCCESS | 0x00000000 | |
| 09:16:58,032 | 1636 | NtReadFile |
FileHandle => 0x0000026c |
SUCCESS | 0x00000000 | |
| 09:16:58,032 | 1636 | NtReadFile |
FileHandle => 0x0000026c |
SUCCESS | 0x00000000 | |
| 09:16:58,082 | 1636 | LdrLoadDll |
Flags => 33291232 BaseAddress => 0x68000000 FileName => rsaenh.dll |
SUCCESS | 0x00000000 | |
| 09:16:58,082 | 1636 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CPAcquireContext FunctionAddress => 0x6800fb46 ModuleHandle => 0x68000000 |
SUCCESS | 0x00000000 | |
| 09:16:58,082 | 1636 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CPReleaseContext FunctionAddress => 0x6800f017 ModuleHandle => 0x68000000 |
SUCCESS | 0x00000000 | |
| 09:16:58,082 | 1636 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CPGenKey FunctionAddress => 0x6800afb1 ModuleHandle => 0x68000000 |
SUCCESS | 0x00000000 | |
| 09:16:58,082 | 1636 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CPDeriveKey FunctionAddress => 0x6800d086 ModuleHandle => 0x68000000 |
SUCCESS | 0x00000000 | |
| 09:16:58,082 | 1636 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CPDestroyKey FunctionAddress => 0x68009460 ModuleHandle => 0x68000000 |
SUCCESS | 0x00000000 | |
| 09:16:58,092 | 1636 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CPSetKeyParam FunctionAddress => 0x68009638 ModuleHandle => 0x68000000 |
SUCCESS | 0x00000000 | |
| 09:16:58,092 | 1636 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CPGetKeyParam FunctionAddress => 0x68009a22 ModuleHandle => 0x68000000 |
SUCCESS | 0x00000000 | |
| 09:16:58,092 | 1636 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CPExportKey FunctionAddress => 0x6800ba24 ModuleHandle => 0x68000000 |
SUCCESS | 0x00000000 | |
| 09:16:58,092 | 1636 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CPImportKey FunctionAddress => 0x6800bf8a ModuleHandle => 0x68000000 |
SUCCESS | 0x00000000 | |
| 09:16:58,092 | 1636 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CPEncrypt FunctionAddress => 0x68006c8e ModuleHandle => 0x68000000 |
SUCCESS | 0x00000000 | |
| 09:16:58,092 | 1636 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CPDecrypt FunctionAddress => 0x68007100 ModuleHandle => 0x68000000 |
SUCCESS | 0x00000000 | |
| 09:16:58,092 | 1636 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CPCreateHash FunctionAddress => 0x680074ba ModuleHandle => 0x68000000 |
SUCCESS | 0x00000000 | |
| 09:16:58,092 | 1636 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CPHashData FunctionAddress => 0x68007e56 ModuleHandle => 0x68000000 |
SUCCESS | 0x00000000 | |
| 09:16:58,092 | 1636 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CPHashSessionKey FunctionAddress => 0x68007fa0 ModuleHandle => 0x68000000 |
SUCCESS | 0x00000000 | |
| 09:16:58,092 | 1636 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CPDestroyHash FunctionAddress => 0x680082d1 ModuleHandle => 0x68000000 |
SUCCESS | 0x00000000 | |
| 09:16:58,092 | 1636 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CPSignHash FunctionAddress => 0x6800da22 ModuleHandle => 0x68000000 |
SUCCESS | 0x00000000 | |
| 09:16:58,092 | 1636 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CPVerifySignature FunctionAddress => 0x6800df0a ModuleHandle => 0x68000000 |
SUCCESS | 0x00000000 | |
| 09:16:58,092 | 1636 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CPGenRandom FunctionAddress => 0x6800d7a7 ModuleHandle => 0x68000000 |
SUCCESS | 0x00000000 | |
| 09:16:58,092 | 1636 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CPGetUserKey FunctionAddress => 0x68009562 ModuleHandle => 0x68000000 |
SUCCESS | 0x00000000 | |
| 09:16:58,092 | 1636 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CPSetProvParam FunctionAddress => 0x68009e6d ModuleHandle => 0x68000000 |
SUCCESS | 0x00000000 | |
| 09:16:58,092 | 1636 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CPGetProvParam FunctionAddress => 0x68009f9c ModuleHandle => 0x68000000 |
SUCCESS | 0x00000000 | |
| 09:16:58,092 | 1636 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CPSetHashParam FunctionAddress => 0x6800a56f ModuleHandle => 0x68000000 |
SUCCESS | 0x00000000 | |
| 09:16:58,092 | 1636 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CPGetHashParam FunctionAddress => 0x6800c891 ModuleHandle => 0x68000000 |
SUCCESS | 0x00000000 | |
| 09:16:58,092 | 1636 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CPDuplicateKey FunctionAddress => 0x6800aaae ModuleHandle => 0x68000000 |
SUCCESS | 0x00000000 | |
| 09:16:58,092 | 1636 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CPDuplicateHash FunctionAddress => 0x6800852e ModuleHandle => 0x68000000 |
SUCCESS | 0x00000000 | |
| 09:16:58,102 | 1636 | RegOpenKeyExA |
Handle => 0x0000026c Registry => 0x80000002 SubKey => Software\Microsoft\Cryptography |
SUCCESS | 0x00000000 | |
| 09:16:58,102 | 1636 | RegQueryValueExA |
Handle => 0x0000026c DataLength => 37 ValueName => MachineGuid Type => 1 |
SUCCESS | 0x00000000 | |
| 09:16:58,102 | 1636 | RegQueryValueExA |
Handle => 0x0000026c Data => 99d6ed61-80b2-42d4-8c72-45c08cbdb8ae\x00 ValueName => MachineGuid |
SUCCESS | 0x00000000 | |
| 09:16:58,102 | 1636 | RegCloseKey |
Handle => 0x0000026c |
SUCCESS | 0x00000000 | |
| 09:16:58,102 | 1636 | LdrLoadDll |
Flags => 33291008 BaseAddress => 0x77fe0000 FileName => Secur32.dll |
SUCCESS | 0x00000000 | |
| 09:16:58,102 | 1636 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => GetUserNameExA FunctionAddress => 0x77fe1dca ModuleHandle => 0x77fe0000 |
SUCCESS | 0x00000000 | |
| 09:16:58,102 | 1636 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Microsoft\Cryptography\Offload |
FAILURE | 0x00000002 | |
| 09:16:58,102 | 1636 | RegCloseKey |
Handle => 0x00000268 |
SUCCESS | 0x00000000 | |
| 09:16:58,132 | 1636 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => NtCreateEvent FunctionAddress => 0x7c90d070 ModuleHandle => 0x7c900000 |
SUCCESS | 0x00000000 | |
| 09:16:58,142 | 1636 | LdrLoadDll |
Flags => 33291280 BaseAddress => 0x77a80000 FileName => CRYPT32.dll |
SUCCESS | 0x00000000 | |
| 09:16:58,142 | 1636 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CryptProtectData FunctionAddress => 0x77a8b942 ModuleHandle => 0x77a80000 |
SUCCESS | 0x00000000 | |
| 09:16:58,153 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x00237da8 | |
| 09:16:58,153 | 1636 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x0000027c |
SUCCESS | 0x00000000 | |
| 09:16:58,153 | 1636 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000278 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:16:58,153 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x00237da8 | |
| 09:16:58,153 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x00237da8 | |
| 09:16:58,153 | 1636 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x0000027c |
SUCCESS | 0x00000000 | |
| 09:16:58,153 | 1636 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000278 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:16:58,163 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x00237da8 | |
| 09:16:58,163 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x00237da8 | |
| 09:16:58,163 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x00237da8 | |
| 09:16:58,163 | 1636 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x0000027c |
SUCCESS | 0x00000000 | |
| 09:16:58,163 | 1636 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000278 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:16:58,163 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x00237da8 | |
| 09:16:58,163 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x00237da8 | |
| 09:16:58,163 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x00237da8 | |
| 09:16:58,163 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x00237da8 | |
| 09:16:58,163 | 1636 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x0000027c |
SUCCESS | 0x00000000 | |
| 09:16:58,163 | 1636 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000278 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:16:58,163 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x00237da8 | |
| 09:16:58,163 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x00237da8 | |
| 09:16:58,163 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x00237da8 | |
| 09:16:58,163 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x00237da8 | |
| 09:16:58,173 | 1636 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\Security DesiredAccess => 0x00100001 CreateDisposition => 2 FileHandle => 0x0000027c |
SUCCESS | 0x00000000 | |
| 09:16:58,173 | 1636 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000278 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:16:58,173 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x00237da8 | |
| 09:16:58,173 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x00237da8 | |
| 09:16:58,173 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x00237da8 | |
| 09:16:58,173 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x00237da8 | |
| 09:16:58,173 | 1636 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x0000027c |
SUCCESS | 0x00000000 | |
| 09:16:58,173 | 1636 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000278 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:16:58,173 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x00237da8 | |
| 09:16:58,173 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x00237da8 | |
| 09:16:58,173 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x00237da8 | |
| 09:16:58,173 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x00237da8 | |
| 09:16:58,173 | 1636 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x0000027c |
SUCCESS | 0x00000000 | |
| 09:16:58,183 | 1636 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000278 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:16:58,183 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x00237da8 | |
| 09:16:58,183 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x00237da8 | |
| 09:16:58,183 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x00237da8 | |
| 09:16:58,183 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x00237da8 | |
| 09:16:58,183 | 1636 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x0000027c |
SUCCESS | 0x00000000 | |
| 09:16:58,183 | 1636 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000278 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:16:58,183 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x00237da8 | |
| 09:16:58,183 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x00237da8 | |
| 09:16:58,183 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x00237da8 | |
| 09:16:58,183 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x00237da8 | |
| 09:16:58,183 | 1636 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x0000027c |
SUCCESS | 0x00000000 | |
| 09:16:58,183 | 1636 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000278 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:16:58,183 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x00237da8 | |
| 09:16:58,193 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x00237da8 | |
| 09:16:58,193 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x00237da8 | |
| 09:16:58,193 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x00237da8 | |
| 09:16:58,193 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\Security |
SUCCESS | 0x00237da8 | |
| 09:16:58,193 | 1636 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\Security\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x0000027c |
SUCCESS | 0x00000000 | |
| 09:16:58,193 | 1636 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000278 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:16:58,193 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x00237da8 | |
| 09:16:58,193 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x00237da8 | |
| 09:16:58,193 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x00237da8 | |
| 09:16:58,193 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x00237da8 | |
| 09:16:58,193 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\Security |
SUCCESS | 0x00237da8 | |
| 09:16:58,193 | 1636 | NtCreateFile |
ShareAccess => 0 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\Security\services_rdrk.dat DesiredAccess => 0x0012019f CreateDisposition => 5 FileHandle => 0x0000027c |
SUCCESS | 0x00000000 | |
| 09:16:58,193 | 1636 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000278 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:16:58,193 | 1636 | NtQueryInformationFile |
FileHandle => 0x0000027c FileInformation => \xa0|\x9a\x8d\x8a\xa2\xcf\x01\xa0|\x9a\x8d\x8a\xa2\xcf\x01\xa0|\x9a\x8d\x8a\xa2\xcf\x01\xa0|\x9a\x8d\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00=L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\xb4\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:16:58,203 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x00237da8 | |
| 09:16:58,203 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x00237da8 | |
| 09:16:58,203 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x00237da8 | |
| 09:16:58,203 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x00237da8 | |
| 09:16:58,203 | 1636 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x0000027c |
SUCCESS | 0x00000000 | |
| 09:16:58,203 | 1636 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000278 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:16:58,203 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x00237da8 | |
| 09:16:58,203 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x00237da8 | |
| 09:16:58,203 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x00237da8 | |
| 09:16:58,203 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x00237da8 | |
| 09:16:58,203 | 1636 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x0000027c |
SUCCESS | 0x00000000 | |
| 09:16:58,203 | 1636 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000278 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:16:58,203 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x00237da8 | |
| 09:16:58,203 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x00237da8 | |
| 09:16:58,203 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x00237da8 | |
| 09:16:58,213 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x00237da8 | |
| 09:16:58,213 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\Security |
SUCCESS | 0x00237da8 | |
| 09:16:58,213 | 1636 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\Security\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x0000027c |
SUCCESS | 0x00000000 | |
| 09:16:58,213 | 1636 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000278 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:16:58,213 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x00237da8 | |
| 09:16:58,213 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x00237da8 | |
| 09:16:58,213 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x00237da8 | |
| 09:16:58,213 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x00237da8 | |
| 09:16:58,213 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\Security |
SUCCESS | 0x00237da8 | |
| 09:16:58,213 | 1636 | NtCreateFile |
ShareAccess => 0 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\Security\services_rdr.dat DesiredAccess => 0x0012019f CreateDisposition => 5 FileHandle => 0x0000027c |
SUCCESS | 0x00000000 | |
| 09:16:58,213 | 1636 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000278 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:16:58,213 | 1636 | NtQueryInformationFile |
FileHandle => 0x0000027c FileInformation => \x00\x8b\x9d\x8d\x8a\xa2\xcf\x01\x00\x8b\x9d\x8d\x8a\xa2\xcf\x01\x00\x8b\x9d\x8d\x8a\xa2\xcf\x01\x00\x8b\x9d\x8d\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00>L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\xb2\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:16:58,213 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x00237da8 | |
| 09:16:58,213 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x00237da8 | |
| 09:16:58,213 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x00237da8 | |
| 09:16:58,213 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x00237da8 | |
| 09:16:58,223 | 1636 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x0000027c |
SUCCESS | 0x00000000 | |
| 09:16:58,223 | 1636 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000278 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:16:58,223 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x00237da8 | |
| 09:16:58,223 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x00237da8 | |
| 09:16:58,223 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x00237da8 | |
| 09:16:58,223 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x00237da8 | |
| 09:16:58,223 | 1636 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x0000027c |
SUCCESS | 0x00000000 | |
| 09:16:58,223 | 1636 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000278 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:16:58,223 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x00237da8 | |
| 09:16:58,223 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x00237da8 | |
| 09:16:58,223 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x00237da8 | |
| 09:16:58,223 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x00237da8 | |
| 09:16:58,223 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\Security |
SUCCESS | 0x00237da8 | |
| 09:16:58,223 | 1636 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\Security\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x0000027c |
SUCCESS | 0x00000000 | |
| 09:16:58,223 | 1636 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000278 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:16:58,233 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x00237da8 | |
| 09:16:58,233 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x00237da8 | |
| 09:16:58,233 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x00237da8 | |
| 09:16:58,233 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x00237da8 | |
| 09:16:58,233 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\Security |
SUCCESS | 0x00237da8 | |
| 09:16:58,263 | 1636 | NtCreateFile |
ShareAccess => 0 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\Security\services_rdri.dat DesiredAccess => 0x0012019f CreateDisposition => 5 FileHandle => 0x0000027c |
SUCCESS | 0x00000000 | |
| 09:16:58,263 | 1636 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000278 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:16:58,263 | 1636 | NtQueryInformationFile |
FileHandle => 0x0000027c FileInformation => `\x99\xa0\x8d\x8a\xa2\xcf\x01`\x99\xa0\x8d\x8a\xa2\xcf\x01`\x99\xa0\x8d\x8a\xa2\xcf\x01`\x99\xa0\x8d\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00?L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\xb4\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:16:58,263 | 1636 | NtOpenKey |
DesiredAccess => 131097 KeyHandle => 0x0000027c ObjectAttributes => \REGISTRY\USER\S-1-5-21-1935655697-1606980848-1060284298-1003 |
SUCCESS | 0x00000000 | |
| 09:16:58,263 | 1636 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x0000027c SubKey => SOFTWARE\Microsoft\Cryptography\Providers\Type 001 |
FAILURE | 0x00000002 | |
| 09:16:58,263 | 1636 | RegOpenKeyExA |
Handle => 0x0000027c Registry => 0x80000002 SubKey => SOFTWARE\Microsoft\Cryptography\Defaults\Provider Types\Type 001 |
SUCCESS | 0x00000000 | |
| 09:16:58,263 | 1636 | RegQueryValueExA |
Handle => 0x0000027c DataLength => 40 ValueName => Name Type => 1 |
SUCCESS | 0x00000000 | |
| 09:16:58,273 | 1636 | RegQueryValueExA |
Handle => 0x0000027c Data => Microsoft Strong Cryptographic Provider\x00 ValueName => Name |
SUCCESS | 0x00000000 | |
| 09:16:58,273 | 1636 | RegCloseKey |
Handle => 0x0000027c |
SUCCESS | 0x00000000 | |
| 09:16:58,273 | 1636 | RegOpenKeyExA |
Handle => 0x0000027c Registry => 0x80000002 SubKey => SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Strong Cryptographic Provider |
SUCCESS | 0x00000000 | |
| 09:16:58,273 | 1636 | RegQueryValueExA |
Handle => 0x0000027c Data => 1 ValueName => Type |
SUCCESS | 0x00000000 | |
| 09:16:58,273 | 1636 | RegQueryValueExA |
Handle => 0x0000027c DataLength => 11 ValueName => Image Path Type => 1 |
SUCCESS | 0x00000000 | |
| 09:16:58,273 | 1636 | RegQueryValueExA |
Handle => 0x0000027c Data => rsaenh.dll\x00 ValueName => Image Path |
SUCCESS | 0x00000000 | |
| 09:16:58,273 | 1636 | LdrGetDllHandle |
ModuleHandle => 0x68000000 FileName => rsaenh.dll |
SUCCESS | 0x00000000 | |
| 09:16:58,273 | 1636 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CPAcquireContext FunctionAddress => 0x6800fb46 ModuleHandle => 0x68000000 |
SUCCESS | 0x00000000 | |
| 09:16:58,273 | 1636 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CPReleaseContext FunctionAddress => 0x6800f017 ModuleHandle => 0x68000000 |
SUCCESS | 0x00000000 | |
| 09:16:58,273 | 1636 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CPGenKey FunctionAddress => 0x6800afb1 ModuleHandle => 0x68000000 |
SUCCESS | 0x00000000 | |
| 09:16:58,273 | 1636 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CPDeriveKey FunctionAddress => 0x6800d086 ModuleHandle => 0x68000000 |
SUCCESS | 0x00000000 | |
| 09:16:58,273 | 1636 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CPDestroyKey FunctionAddress => 0x68009460 ModuleHandle => 0x68000000 |
SUCCESS | 0x00000000 | |
| 09:16:58,273 | 1636 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CPSetKeyParam FunctionAddress => 0x68009638 ModuleHandle => 0x68000000 |
SUCCESS | 0x00000000 | |
| 09:16:58,273 | 1636 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CPGetKeyParam FunctionAddress => 0x68009a22 ModuleHandle => 0x68000000 |
SUCCESS | 0x00000000 | |
| 09:16:58,273 | 1636 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CPExportKey FunctionAddress => 0x6800ba24 ModuleHandle => 0x68000000 |
SUCCESS | 0x00000000 | |
| 09:16:58,273 | 1636 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CPImportKey FunctionAddress => 0x6800bf8a ModuleHandle => 0x68000000 |
SUCCESS | 0x00000000 | |
| 09:16:58,273 | 1636 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CPEncrypt FunctionAddress => 0x68006c8e ModuleHandle => 0x68000000 |
SUCCESS | 0x00000000 | |
| 09:16:58,273 | 1636 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CPDecrypt FunctionAddress => 0x68007100 ModuleHandle => 0x68000000 |
SUCCESS | 0x00000000 | |
| 09:16:58,273 | 1636 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CPCreateHash FunctionAddress => 0x680074ba ModuleHandle => 0x68000000 |
SUCCESS | 0x00000000 | |
| 09:16:58,273 | 1636 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CPHashData FunctionAddress => 0x68007e56 ModuleHandle => 0x68000000 |
SUCCESS | 0x00000000 | |
| 09:16:58,273 | 1636 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CPHashSessionKey FunctionAddress => 0x68007fa0 ModuleHandle => 0x68000000 |
SUCCESS | 0x00000000 | |
| 09:16:58,273 | 1636 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CPDestroyHash FunctionAddress => 0x680082d1 ModuleHandle => 0x68000000 |
SUCCESS | 0x00000000 | |
| 09:16:58,273 | 1636 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CPSignHash FunctionAddress => 0x6800da22 ModuleHandle => 0x68000000 |
SUCCESS | 0x00000000 | |
| 09:16:58,273 | 1636 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CPVerifySignature FunctionAddress => 0x6800df0a ModuleHandle => 0x68000000 |
SUCCESS | 0x00000000 | |
| 09:16:58,273 | 1636 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CPGenRandom FunctionAddress => 0x6800d7a7 ModuleHandle => 0x68000000 |
SUCCESS | 0x00000000 | |
| 09:16:58,273 | 1636 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CPGetUserKey FunctionAddress => 0x68009562 ModuleHandle => 0x68000000 |
SUCCESS | 0x00000000 | |
| 09:16:58,273 | 1636 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CPSetProvParam FunctionAddress => 0x68009e6d ModuleHandle => 0x68000000 |
SUCCESS | 0x00000000 | |
| 09:16:58,273 | 1636 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CPGetProvParam FunctionAddress => 0x68009f9c ModuleHandle => 0x68000000 |
SUCCESS | 0x00000000 | |
| 09:16:58,273 | 1636 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CPSetHashParam FunctionAddress => 0x6800a56f ModuleHandle => 0x68000000 |
SUCCESS | 0x00000000 | |
| 09:16:58,273 | 1636 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CPGetHashParam FunctionAddress => 0x6800c891 ModuleHandle => 0x68000000 |
SUCCESS | 0x00000000 | |
| 09:16:58,273 | 1636 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CPDuplicateKey FunctionAddress => 0x6800aaae ModuleHandle => 0x68000000 |
SUCCESS | 0x00000000 | |
| 09:16:58,273 | 1636 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CPDuplicateHash FunctionAddress => 0x6800852e ModuleHandle => 0x68000000 |
SUCCESS | 0x00000000 | |
| 09:16:58,273 | 1636 | RegOpenKeyExA |
Handle => 0x00000278 Registry => 0x80000002 SubKey => Software\Microsoft\Cryptography |
SUCCESS | 0x00000000 | |
| 09:16:58,273 | 1636 | RegQueryValueExA |
Handle => 0x00000278 DataLength => 37 ValueName => MachineGuid Type => 1 |
SUCCESS | 0x00000000 | |
| 09:16:58,273 | 1636 | RegQueryValueExA |
Handle => 0x00000278 Data => 99d6ed61-80b2-42d4-8c72-45c08cbdb8ae\x00 ValueName => MachineGuid |
SUCCESS | 0x00000000 | |
| 09:16:58,273 | 1636 | RegCloseKey |
Handle => 0x00000278 |
SUCCESS | 0x00000000 | |
| 09:16:58,273 | 1636 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Microsoft\Cryptography\Offload |
FAILURE | 0x00000002 | |
| 09:16:58,273 | 1636 | RegCloseKey |
Handle => 0x0000027c |
SUCCESS | 0x00000000 | |
| 09:16:58,273 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x002431a8 | |
| 09:16:58,273 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x002431a8 | |
| 09:16:58,273 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x002431a8 | |
| 09:16:58,273 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x002431a8 | |
| 09:16:58,273 | 1636 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x0000027c |
SUCCESS | 0x00000000 | |
| 09:16:58,273 | 1636 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000278 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:16:58,273 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x002431a8 | |
| 09:16:58,273 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x002431a8 | |
| 09:16:58,273 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x002431a8 | |
| 09:16:58,273 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x002431a8 | |
| 09:16:58,273 | 1636 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x0000027c |
SUCCESS | 0x00000000 | |
| 09:16:58,273 | 1636 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000278 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:16:58,273 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x002431a8 | |
| 09:16:58,273 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x002431a8 | |
| 09:16:58,273 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x002431a8 | |
| 09:16:58,273 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x002431a8 | |
| 09:16:58,273 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\Security |
SUCCESS | 0x002431a8 | |
| 09:16:58,273 | 1636 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\Security\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x0000027c |
SUCCESS | 0x00000000 | |
| 09:16:58,273 | 1636 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000278 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:16:58,273 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x002431a8 | |
| 09:16:58,273 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x002431a8 | |
| 09:16:58,273 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x002431a8 | |
| 09:16:58,273 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x002431a8 | |
| 09:16:58,273 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\Security |
SUCCESS | 0x002431a8 | |
| 09:16:58,273 | 1636 | NtCreateFile |
ShareAccess => 1 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\Security\services_rdrk.dat DesiredAccess => 0x00120089 CreateDisposition => 1 FileHandle => 0x0000027c |
SUCCESS | 0x00000000 | |
| 09:16:58,273 | 1636 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000278 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:16:58,273 | 1636 | NtQueryInformationFile |
FileHandle => 0x0000027c FileInformation => \xa0|\x9a\x8d\x8a\xa2\xcf\x01\xd0\x03\x9c\x8d\x8a\xa2\xcf\x01\xd0\x03\x9c\x8d\x8a\xa2\xcf\x01\xd0\x03\x9c\x8d\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\xb8\x00\x00\x00\x00\x00\x00\x00\xb4\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00=L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x89\x00\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\xb4\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:16:58,273 | 1636 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CryptUnprotectData FunctionAddress => 0x77a8baf0 ModuleHandle => 0x77a80000 |
SUCCESS | 0x00000000 | |
| 09:16:58,283 | 1636 | NtDeviceIoControlFile |
InputBuffer => 32938F0A7B0C2F4874FB177A17A1D03D\x00\x07\x07\x07\x07\x07\x07\x07 FileHandle => 0x00000090 OutputBuffer => 32938F0A7B0C2F4874FB177A17A1D03D\x00\x07\x07\x07\x07\x07\x07\x07 |
SUCCESS | 0x00000000 | |
| 09:16:58,503 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x002431a8 | |
| 09:16:58,503 | 1636 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x00000278 |
SUCCESS | 0x00000000 | |
| 09:16:58,513 | 1636 | NtOpenDirectoryObject |
DirectoryHandle => 0x0000027c DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:16:58,513 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x002431a8 | |
| 09:16:58,513 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x002431a8 | |
| 09:16:58,513 | 1636 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x00000278 |
SUCCESS | 0x00000000 | |
| 09:16:58,513 | 1636 | NtOpenDirectoryObject |
DirectoryHandle => 0x0000027c DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:16:58,513 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x002431a8 | |
| 09:16:58,513 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x002431a8 | |
| 09:16:58,513 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x002431a8 | |
| 09:16:58,513 | 1636 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x00000278 |
SUCCESS | 0x00000000 | |
| 09:16:58,513 | 1636 | NtOpenDirectoryObject |
DirectoryHandle => 0x0000027c DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:16:58,513 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x002431a8 | |
| 09:16:58,513 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x002431a8 | |
| 09:16:58,523 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x002431a8 | |
| 09:16:58,523 | 1636 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x00000278 |
SUCCESS | 0x00000000 | |
| 09:16:58,523 | 1636 | NtOpenDirectoryObject |
DirectoryHandle => 0x0000027c DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:16:58,523 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x002431a8 | |
| 09:16:58,523 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x002431a8 | |
| 09:16:58,523 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x002431a8 | |
| 09:16:58,523 | 1636 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x00000278 |
SUCCESS | 0x00000000 | |
| 09:16:58,523 | 1636 | NtOpenDirectoryObject |
DirectoryHandle => 0x0000027c DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:16:58,563 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x002431a8 | |
| 09:16:58,563 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x002431a8 | |
| 09:16:58,563 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x002431a8 | |
| 09:16:58,563 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x002431a8 | |
| 09:16:58,563 | 1636 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000278 |
SUCCESS | 0x00000000 | |
| 09:16:58,573 | 1636 | NtOpenDirectoryObject |
DirectoryHandle => 0x0000027c DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:16:58,573 | 1636 | NtQueryInformationFile |
FileHandle => 0x00000278 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\x90\x06\xd3\x8d\x8a\xa2\xcf\x01\x90\x06\xd3\x8d\x8a\xa2\xcf\x01\x90\x06\xd3\x8d\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:16:58,573 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x002431a8 | |
| 09:16:58,573 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x002431a8 | |
| 09:16:58,573 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x002431a8 | |
| 09:16:58,573 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x002431a8 | |
| 09:16:58,573 | 1636 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000278 |
SUCCESS | 0x00000000 | |
| 09:16:58,573 | 1636 | NtOpenDirectoryObject |
DirectoryHandle => 0x0000027c DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:16:58,573 | 1636 | NtQueryInformationFile |
FileHandle => 0x00000278 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\x90\x06\xd3\x8d\x8a\xa2\xcf\x01\x90\x06\xd3\x8d\x8a\xa2\xcf\x01\x90\x06\xd3\x8d\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:16:58,723 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x002431a8 | |
| 09:16:58,733 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x002431a8 | |
| 09:16:58,733 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x002431a8 | |
| 09:16:58,733 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x002431a8 | |
| 09:16:58,733 | 1636 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000278 |
SUCCESS | 0x00000000 | |
| 09:16:58,733 | 1636 | NtOpenDirectoryObject |
DirectoryHandle => 0x0000027c DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:16:58,733 | 1636 | NtQueryInformationFile |
FileHandle => 0x00000278 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\x90\x06\xd3\x8d\x8a\xa2\xcf\x01\x90\x06\xd3\x8d\x8a\xa2\xcf\x01\x90\x06\xd3\x8d\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:16:58,733 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x00237da8 | |
| 09:16:58,743 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x00237da8 | |
| 09:16:58,743 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x00237da8 | |
| 09:16:58,743 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x00237da8 | |
| 09:16:58,743 | 1636 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000278 |
SUCCESS | 0x00000000 | |
| 09:16:58,743 | 1636 | NtOpenDirectoryObject |
DirectoryHandle => 0x0000027c DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:16:58,743 | 1636 | NtQueryInformationFile |
FileHandle => 0x00000278 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\x90\x06\xd3\x8d\x8a\xa2\xcf\x01\x90\x06\xd3\x8d\x8a\xa2\xcf\x01\x90\x06\xd3\x8d\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:16:58,743 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x002431a8 | |
| 09:16:58,753 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x002431a8 | |
| 09:16:58,753 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x002431a8 | |
| 09:16:58,753 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x002431a8 | |
| 09:16:58,753 | 1636 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000278 |
SUCCESS | 0x00000000 | |
| 09:16:58,753 | 1636 | NtOpenDirectoryObject |
DirectoryHandle => 0x0000027c DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:16:58,753 | 1636 | NtQueryInformationFile |
FileHandle => 0x00000278 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\x90\x06\xd3\x8d\x8a\xa2\xcf\x01\x90\x06\xd3\x8d\x8a\xa2\xcf\x01\x90\x06\xd3\x8d\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:16:58,783 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x002431a8 | |
| 09:16:58,783 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x002431a8 | |
| 09:16:58,783 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x002431a8 | |
| 09:16:58,793 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x002431a8 | |
| 09:16:58,793 | 1636 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000278 |
SUCCESS | 0x00000000 | |
| 09:16:58,793 | 1636 | NtOpenDirectoryObject |
DirectoryHandle => 0x0000027c DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:16:58,793 | 1636 | NtQueryInformationFile |
FileHandle => 0x00000278 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\x90\x06\xd3\x8d\x8a\xa2\xcf\x01\x90\x06\xd3\x8d\x8a\xa2\xcf\x01\x90\x06\xd3\x8d\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:16:58,793 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x00237da8 | |
| 09:16:58,793 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x00237da8 | |
| 09:16:58,803 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x00237da8 | |
| 09:16:58,803 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x00237da8 | |
| 09:16:58,803 | 1636 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000278 |
SUCCESS | 0x00000000 | |
| 09:16:58,803 | 1636 | NtOpenDirectoryObject |
DirectoryHandle => 0x0000027c DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:16:58,803 | 1636 | NtQueryInformationFile |
FileHandle => 0x00000278 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\x90\x06\xd3\x8d\x8a\xa2\xcf\x01\x90\x06\xd3\x8d\x8a\xa2\xcf\x01\x90\x06\xd3\x8d\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:16:58,813 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x002431a8 | |
| 09:16:58,813 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x002431a8 | |
| 09:16:58,813 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x002431a8 | |
| 09:16:58,823 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x002431a8 | |
| 09:16:58,823 | 1636 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000278 |
SUCCESS | 0x00000000 | |
| 09:16:58,823 | 1636 | NtOpenDirectoryObject |
DirectoryHandle => 0x0000027c DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:16:58,823 | 1636 | NtQueryInformationFile |
FileHandle => 0x00000278 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\x90\x06\xd3\x8d\x8a\xa2\xcf\x01\x90\x06\xd3\x8d\x8a\xa2\xcf\x01\x90\x06\xd3\x8d\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:16:58,823 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x00237da8 | |
| 09:16:58,823 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x00237da8 | |
| 09:16:58,833 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x00237da8 | |
| 09:16:58,833 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x00237da8 | |
| 09:16:58,833 | 1636 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000278 |
SUCCESS | 0x00000000 | |
| 09:16:58,833 | 1636 | NtOpenDirectoryObject |
DirectoryHandle => 0x0000027c DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:16:58,833 | 1636 | NtQueryInformationFile |
FileHandle => 0x00000278 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\x90\x06\xd3\x8d\x8a\xa2\xcf\x01\x90\x06\xd3\x8d\x8a\xa2\xcf\x01\x90\x06\xd3\x8d\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:16:59,565 | 1636 | RegOpenKeyExW |
Handle => 0x00000278 Registry => 0x80000002 SubKey => Software\Adobe\Acrobat Reader\11.0\Installer |
SUCCESS | 0x00000000 | |
| 09:16:59,565 | 1636 | RegQueryValueExW |
Handle => 0x00000278 Data => C\x00:\x00\\x00P\x00r\x00o\x00g\x00r\x00a\x00m\x00 \x00F\x00i\x00l\x00e\x00s\x00\\x00A\x00d\x00o\x00b\x00e\x00\\x00R\x00e\x00a\x00d\x00e\x00r\x00 \x001\x001\x00.\x000\x00\\x00\x00\x00 ValueName => Path |
SUCCESS | 0x00000000 | |
| 09:16:59,565 | 1636 | RegCloseKey |
Handle => 0x00000278 |
SUCCESS | 0x00000000 | |
| 09:16:59,565 | 1636 | LdrGetDllHandle |
ModuleHandle => 0x7c800000 FileName => KERNEL32.DLL |
SUCCESS | 0x00000000 | |
| 09:16:59,565 | 1636 | LdrGetProcedureAddress |
Ordinal => 43 FunctionName => FunctionAddress => 0x7ca23a9d ModuleHandle => 0x7c9c0000 |
SUCCESS | 0x00000000 | |
| 09:16:59,565 | 1636 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => ShellExecuteExW FunctionAddress => 0x7ca02f03 ModuleHandle => 0x7c9c0000 |
SUCCESS | 0x00000000 | |
| 09:16:59,575 | 1636 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CoInitializeEx FunctionAddress => 0x774fef7b ModuleHandle => 0x774e0000 |
SUCCESS | 0x00000000 | |
| 09:16:59,575 | 1636 | RegOpenKeyExA |
Handle => 0x00000278 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Explorer |
SUCCESS | 0x00000000 | |
| 09:16:59,575 | 1636 | RegQueryValueExW |
Handle => 0x00000278 DataLength => 520 ValueName => MaximizeApps Type => 33290608 |
FAILURE | 0x00000002 | |
| 09:16:59,575 | 1636 | RegOpenKeyExA |
Handle => 0x0000027c Registry => 0x80000002 SubKey => Software\Microsoft\Windows\CurrentVersion\Explorer |
SUCCESS | 0x00000000 | |
| 09:16:59,575 | 1636 | RegQueryValueExW |
Handle => 0x0000027c DataLength => 520 ValueName => MaximizeApps Type => 33290608 |
FAILURE | 0x00000002 | |
| 09:16:59,575 | 1636 | RegCloseKey |
Handle => 0x0000027c |
SUCCESS | 0x00000000 | |
| 09:16:59,575 | 1636 | RegCloseKey |
Handle => 0x00000278 |
SUCCESS | 0x00000000 | |
| 09:16:59,585 | 1636 | LdrLoadDll |
Flags => 33290920 BaseAddress => 0x5b860000 FileName => netapi32 |
SUCCESS | 0x00000000 | |
| 09:16:59,585 | 1636 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => NetGetJoinInformation FunctionAddress => 0x5b869b54 ModuleHandle => 0x5b860000 |
SUCCESS | 0x00000000 | |
| 09:16:59,585 | 1636 | NtCreateFile |
ShareAccess => 3 FileName => PIPE\wkssvc DesiredAccess => 0xc0100080 CreateDisposition => 1 FileHandle => 0x0000027c |
SUCCESS | 0x00000000 | |
| 09:16:59,585 | 1636 | NtSetInformationFile |
FileHandle => 0x0000027c FileInformation => |
SUCCESS | 0x00000000 | 1 time |
| 09:16:59,595 | 1636 | NtWriteFile |
Buffer => \x05\x00\x0b\x03\x10\x00\x00\x00H\x00\x00\x00\x01\x00\x00\x00\xb8\x10\xb8\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x01\x00\x98\xd0\xffk\x12\xa1\x106\x983F\xc3\xf8~4Z\x01\x00\x00\x00\x04]\x88\x8a\xeb\x1c\xc9\x11\x9f\xe8\x08\x00+\x10H`\x02\x00\x00\x00 FileHandle => 0x0000027c |
SUCCESS | 0x00000000 | |
| 09:16:59,595 | 1636 | NtReadFile |
Buffer => FileHandle => 0x0000027c |
SUCCESS | 0x00000103 | |
| 09:16:59,595 | 1636 | LdrGetDllHandle |
ModuleHandle => 0x5b860000 FileName => netapi32 |
SUCCESS | 0x00000000 | |
| 09:16:59,595 | 1636 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => NetApiBufferFree FunctionAddress => 0x5b867a00 ModuleHandle => 0x5b860000 |
SUCCESS | 0x00000000 | |
| 09:16:59,605 | 1636 | RegOpenKeyExW |
Handle => 0x0000027e Registry => 0x80000000 SubKey => Drive\shellex\FolderExtensions |
SUCCESS | 0x00000000 | |
| 09:16:59,605 | 1636 | RegEnumKeyW |
Handle => 0x0000027e Name => {fbeb8a05-beee-4442-804e-409d6c4515e9} Index => 0 |
SUCCESS | 0x00000000 | |
| 09:16:59,605 | 1636 | RegOpenKeyExW |
Handle => 0x0000027a Registry => 0x80000000 SubKey => Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9} |
SUCCESS | 0x00000000 | |
| 09:16:59,605 | 1636 | RegQueryValueExW |
Handle => 0x0000027a Data => 32 ValueName => DriveMask |
SUCCESS | 0x00000000 | |
| 09:16:59,605 | 1636 | RegCloseKey |
Handle => 0x0000027a |
SUCCESS | 0x00000000 | |
| 09:16:59,605 | 1636 | RegEnumKeyW |
Handle => 0x0000027e Name => {fbeb8a05-beee-4442-804e-409d6c4515e9} Index => 1 |
FAILURE | 0x00000103 | |
| 09:16:59,605 | 1636 | RegCloseKey |
Handle => 0x0000027e |
SUCCESS | 0x00000000 | |
| 09:16:59,605 | 1636 | LdrLoadDll |
Flags => 33288956 BaseAddress => 0x7c9c0000 FileName => SHELL32.dll |
SUCCESS | 0x00000000 | |
| 09:16:59,605 | 1636 | LdrGetProcedureAddress |
Ordinal => 102 FunctionName => FunctionAddress => 0x7c9ef5e2 ModuleHandle => 0x7c9c0000 |
SUCCESS | 0x00000000 | |
| 09:16:59,605 | 1636 | LdrLoadDll |
Flags => 33288996 BaseAddress => 0x774e0000 FileName => ole32.dll |
SUCCESS | 0x00000000 | |
| 09:16:59,605 | 1636 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CoTaskMemAlloc FunctionAddress => 0x774fd060 ModuleHandle => 0x774e0000 |
SUCCESS | 0x00000000 | |
| 09:16:59,605 | 1636 | LdrGetProcedureAddress |
Ordinal => 320 FunctionName => FunctionAddress => 0x773e0a75 ModuleHandle => 0x773d0000 |
SUCCESS | 0x00000000 | |
| 09:16:59,605 | 1636 | LdrGetProcedureAddress |
Ordinal => 324 FunctionName => FunctionAddress => 0x773e0c22 ModuleHandle => 0x773d0000 |
SUCCESS | 0x00000000 | |
| 09:16:59,605 | 1636 | LdrGetProcedureAddress |
Ordinal => 323 FunctionName => FunctionAddress => 0x773e0b17 ModuleHandle => 0x773d0000 |
SUCCESS | 0x00000000 | |
| 09:16:59,605 | 1636 | RegOpenKeyExW |
Handle => 0x0000027c Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Explorer |
SUCCESS | 0x00000000 | |
| 09:16:59,605 | 1636 | RegOpenKeyExW |
Handle => 0x00000278 Registry => 0x0000027c SubKey => FileExts |
SUCCESS | 0x00000000 | |
| 09:16:59,605 | 1636 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x00000278 SubKey => .exe |
FAILURE | 0x00000002 | 1 time |
| 09:16:59,605 | 1636 | LdrGetProcedureAddress |
Ordinal => 326 FunctionName => FunctionAddress => 0x773e0cc1 ModuleHandle => 0x773d0000 |
SUCCESS | 0x00000000 | |
| 09:16:59,615 | 1636 | RegOpenKeyExW |
Handle => 0x00000282 Registry => 0x80000000 SubKey => .exe |
SUCCESS | 0x00000000 | |
| 09:16:59,615 | 1636 | RegQueryValueExW |
Handle => 0x00000282 Data => e\x00x\x00e\x00f\x00i\x00l\x00e\x00\x00\x00 ValueName => |
SUCCESS | 0x00000000 | |
| 09:16:59,615 | 1636 | RegOpenKeyExW |
Handle => 0x00000286 Registry => 0x80000000 SubKey => exefile |
SUCCESS | 0x00000000 | |
| 09:16:59,615 | 1636 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x00000286 SubKey => CurVer |
FAILURE | 0x00000002 | |
| 09:16:59,615 | 1636 | RegOpenKeyExW |
Handle => 0x0000028a Registry => 0x00000286 SubKey => |
SUCCESS | 0x00000000 | |
| 09:16:59,615 | 1636 | RegCloseKey |
Handle => 0x00000286 |
SUCCESS | 0x00000000 | |
| 09:16:59,615 | 1636 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CoTaskMemFree FunctionAddress => 0x774fd044 ModuleHandle => 0x774e0000 |
SUCCESS | 0x00000000 | |
| 09:16:59,615 | 1636 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Microsoft\Windows\CurrentVersion\Policies\Explorer |
FAILURE | 0x00000002 | |
| 09:16:59,615 | 1636 | RegOpenKeyExW |
Handle => 0x00000284 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Policies\Explorer |
SUCCESS | 0x00000000 | |
| 09:16:59,615 | 1636 | RegQueryValueExW |
Handle => 0x00000284 DataLength => 4 ValueName => DontShowSuperHidden Type => 33288660 |
FAILURE | 0x00000002 | |
| 09:16:59,615 | 1636 | RegCloseKey |
Handle => 0x00000284 |
SUCCESS | 0x00000000 | |
| 09:16:59,615 | 1636 | RegOpenKeyExW |
Handle => 0x00000284 Registry => 0x0000027c SubKey => |
SUCCESS | 0x00000000 | |
| 09:16:59,615 | 1636 | RegQueryValueExW |
Handle => 0x00000284 DataLength => 36 ValueName => ShellState Type => 3 |
SUCCESS | 0x00000000 | |
| 09:16:59,615 | 1636 | RegQueryValueExW |
Handle => 0x00000284 Data => ValueName => ShellState |
SUCCESS | 0x00000000 | |
| 09:16:59,615 | 1636 | RegCloseKey |
Handle => 0x00000284 |
SUCCESS | 0x00000000 | |
| 09:16:59,615 | 1636 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Microsoft\Windows\CurrentVersion\Policies\Explorer |
FAILURE | 0x00000002 | |
| 09:16:59,615 | 1636 | RegOpenKeyExW |
Handle => 0x00000284 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Policies\Explorer |
SUCCESS | 0x00000000 | |
| 09:16:59,615 | 1636 | RegQueryValueExW |
Handle => 0x00000284 DataLength => 4 ValueName => ForceActiveDesktopOn Type => 33287992 |
FAILURE | 0x00000002 | |
| 09:16:59,615 | 1636 | RegCloseKey |
Handle => 0x00000284 |
SUCCESS | 0x00000000 | |
| 09:16:59,615 | 1636 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Microsoft\Windows\CurrentVersion\Policies\Explorer |
FAILURE | 0x00000002 | |
| 09:16:59,615 | 1636 | RegOpenKeyExW |
Handle => 0x00000284 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Policies\Explorer |
SUCCESS | 0x00000000 | |
| 09:16:59,615 | 1636 | RegQueryValueExW |
Handle => 0x00000284 DataLength => 4 ValueName => NoActiveDesktop Type => 33287988 |
FAILURE | 0x00000002 | |
| 09:16:59,615 | 1636 | RegCloseKey |
Handle => 0x00000284 |
SUCCESS | 0x00000000 | |
| 09:16:59,615 | 1636 | GetSystemMetrics |
SystemMetricIndex => 4096 |
SUCCESS | 0x00000000 | 1 time |
| 09:16:59,615 | 1636 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Policies\System |
FAILURE | 0x00000002 | |
| 09:16:59,615 | 1636 | GetSystemMetrics |
SystemMetricIndex => 4096 |
SUCCESS | 0x00000000 | 1 time |
| 09:16:59,615 | 1636 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Microsoft\Windows\CurrentVersion\Policies\Explorer |
FAILURE | 0x00000002 | |
| 09:16:59,615 | 1636 | RegOpenKeyExW |
Handle => 0x00000284 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Policies\Explorer |
SUCCESS | 0x00000000 | |
| 09:16:59,615 | 1636 | RegQueryValueExW |
Handle => 0x00000284 DataLength => 4 ValueName => NoWebView Type => 33287992 |
FAILURE | 0x00000002 | |
| 09:16:59,615 | 1636 | RegCloseKey |
Handle => 0x00000284 |
SUCCESS | 0x00000000 | |
| 09:16:59,615 | 1636 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Microsoft\Windows\CurrentVersion\Policies\Explorer |
FAILURE | 0x00000002 | |
| 09:16:59,615 | 1636 | RegOpenKeyExW |
Handle => 0x00000284 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Policies\Explorer |
SUCCESS | 0x00000000 | |
| 09:16:59,615 | 1636 | RegQueryValueExW |
Handle => 0x00000284 DataLength => 4 ValueName => ClassicShell Type => 33287992 |
FAILURE | 0x00000002 | |
| 09:16:59,615 | 1636 | RegCloseKey |
Handle => 0x00000284 |
SUCCESS | 0x00000000 | |
| 09:16:59,615 | 1636 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Microsoft\Windows\CurrentVersion\Policies\Explorer |
FAILURE | 0x00000002 | |
| 09:16:59,615 | 1636 | RegOpenKeyExW |
Handle => 0x00000284 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Policies\Explorer |
SUCCESS | 0x00000000 | |
| 09:16:59,615 | 1636 | RegQueryValueExW |
Handle => 0x00000284 DataLength => 4 ValueName => SeparateProcess Type => 33287992 |
FAILURE | 0x00000002 | |
| 09:16:59,615 | 1636 | RegCloseKey |
Handle => 0x00000284 |
SUCCESS | 0x00000000 | |
| 09:16:59,615 | 1636 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Microsoft\Windows\CurrentVersion\Policies\Explorer |
FAILURE | 0x00000002 | |
| 09:16:59,615 | 1636 | RegOpenKeyExW |
Handle => 0x00000284 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Policies\Explorer |
SUCCESS | 0x00000000 | |
| 09:16:59,615 | 1636 | RegQueryValueExW |
Handle => 0x00000284 DataLength => 4 ValueName => NoNetCrawling Type => 33287992 |
FAILURE | 0x00000002 | |
| 09:16:59,615 | 1636 | RegCloseKey |
Handle => 0x00000284 |
SUCCESS | 0x00000000 | |
| 09:16:59,615 | 1636 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Microsoft\Windows\CurrentVersion\Policies\Explorer |
FAILURE | 0x00000002 | |
| 09:16:59,615 | 1636 | RegOpenKeyExW |
Handle => 0x00000284 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Policies\Explorer |
SUCCESS | 0x00000000 | |
| 09:16:59,615 | 1636 | RegQueryValueExW |
Handle => 0x00000284 DataLength => 4 ValueName => NoSimpleStartMenu Type => 33287992 |
FAILURE | 0x00000002 | |
| 09:16:59,615 | 1636 | RegCloseKey |
Handle => 0x00000284 |
SUCCESS | 0x00000000 | |
| 09:16:59,615 | 1636 | RegOpenKeyExW |
Handle => 0x00000284 Registry => 0x0000027c SubKey => Advanced |
SUCCESS | 0x00000000 | |
| 09:16:59,615 | 1636 | RegQueryValueExW |
Handle => 0x00000284 Data => 2 ValueName => Hidden |
SUCCESS | 0x00000000 | |
| 09:16:59,615 | 1636 | RegQueryValueExW |
Handle => 0x00000284 Data => 1 ValueName => ShowCompColor |
SUCCESS | 0x00000000 | |
| 09:16:59,615 | 1636 | RegQueryValueExW |
Handle => 0x00000284 Data => 1 ValueName => HideFileExt |
SUCCESS | 0x00000000 | |
| 09:16:59,615 | 1636 | RegQueryValueExW |
Handle => 0x00000284 Data => 0 ValueName => DontPrettyPath |
SUCCESS | 0x00000000 | |
| 09:16:59,615 | 1636 | RegQueryValueExW |
Handle => 0x00000284 Data => 1 ValueName => ShowInfoTip |
SUCCESS | 0x00000000 | |
| 09:16:59,615 | 1636 | RegQueryValueExW |
Handle => 0x00000284 Data => 0 ValueName => HideIcons |
SUCCESS | 0x00000000 | |
| 09:16:59,615 | 1636 | RegQueryValueExW |
Handle => 0x00000284 Data => 0 ValueName => MapNetDrvBtn |
SUCCESS | 0x00000000 | |
| 09:16:59,615 | 1636 | RegQueryValueExW |
Handle => 0x00000284 Data => 1 ValueName => WebView |
SUCCESS | 0x00000000 | |
| 09:16:59,615 | 1636 | RegQueryValueExW |
Handle => 0x00000284 Data => 0 ValueName => Filter |
SUCCESS | 0x00000000 | |
| 09:16:59,615 | 1636 | RegQueryValueExW |
Handle => 0x00000284 DataLength => 4 ValueName => ShowSuperHidden Type => 33289160 |
FAILURE | 0x00000002 | |
| 09:16:59,615 | 1636 | RegQueryValueExW |
Handle => 0x00000284 Data => 0 ValueName => SeparateProcess |
SUCCESS | 0x00000000 | |
| 09:16:59,615 | 1636 | RegQueryValueExW |
Handle => 0x00000284 DataLength => 4 ValueName => NoNetCrawling Type => 33289160 |
FAILURE | 0x00000002 | |
| 09:16:59,615 | 1636 | RegCloseKey |
Handle => 0x00000284 |
SUCCESS | 0x00000000 | |
| 09:16:59,615 | 1636 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x0000028a SubKey => ShellEx\IconHandler |
FAILURE | 0x00000002 | |
| 09:16:59,615 | 1636 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000000 SubKey => SystemFileAssociations\.exe |
FAILURE | 0x00000002 | |
| 09:16:59,615 | 1636 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000000 SubKey => SystemFileAssociations\application |
FAILURE | 0x00000002 | |
| 09:16:59,615 | 1636 | RegQueryValueExW |
Handle => 0x0000028a DataLength => 0 ValueName => DocObject Type => 0 |
FAILURE | 0x00000002 | |
| 09:16:59,625 | 1636 | RegQueryValueExW |
Handle => 0x0000028a DataLength => 0 ValueName => BrowseInPlace Type => 0 |
FAILURE | 0x00000002 | |
| 09:16:59,625 | 1636 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x0000028a SubKey => Clsid |
FAILURE | 0x00000002 | |
| 09:16:59,625 | 1636 | RegOpenKeyExW |
Handle => 0x0000028e Registry => 0x80000000 SubKey => * |
SUCCESS | 0x00000000 | |
| 09:16:59,625 | 1636 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x0000028e SubKey => Clsid |
FAILURE | 0x00000002 | |
| 09:16:59,625 | 1636 | RegQueryValueExW |
Handle => 0x0000028a DataLength => 0 ValueName => IsShortcut Type => 0 |
FAILURE | 0x00000002 | |
| 09:16:59,625 | 1636 | RegQueryValueExW |
Handle => 0x0000028a DataLength => 0 ValueName => AlwaysShowExt Type => 0 |
FAILURE | 0x00000002 | |
| 09:16:59,625 | 1636 | RegQueryValueExW |
Handle => 0x0000028a DataLength => 0 ValueName => NeverShowExt Type => 0 |
FAILURE | 0x00000002 | |
| 09:16:59,625 | 1636 | LdrGetProcedureAddress |
Ordinal => 388 FunctionName => FunctionAddress => 0x773e1535 ModuleHandle => 0x773d0000 |
SUCCESS | 0x00000000 | |
| 09:16:59,625 | 1636 | RegCloseKey |
Handle => 0x00000282 |
SUCCESS | 0x00000000 | |
| 09:16:59,625 | 1636 | RegCloseKey |
Handle => 0x0000028a |
SUCCESS | 0x00000000 | |
| 09:16:59,625 | 1636 | RegCloseKey |
Handle => 0x0000028e |
SUCCESS | 0x00000000 | |
| 09:16:59,625 | 1636 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CoTaskMemFree FunctionAddress => 0x774fd044 ModuleHandle => 0x774e0000 |
SUCCESS | 0x00000000 | |
| 09:16:59,625 | 1636 | LdrGetProcedureAddress |
Ordinal => 328 FunctionName => FunctionAddress => 0x773e1559 ModuleHandle => 0x773d0000 |
SUCCESS | 0x00000000 | |
| 09:16:59,625 | 1636 | LdrLoadDll |
Flags => 33289120 BaseAddress => 0x77920000 FileName => SETUPAPI.dll |
SUCCESS | 0x00000000 | |
| 09:16:59,625 | 1636 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CM_Get_Device_Interface_List_Size_ExW FunctionAddress => 0x77929025 ModuleHandle => 0x77920000 |
SUCCESS | 0x00000000 | |
| 09:16:59,625 | 1636 | LookupPrivilegeValueW |
SystemName => PrivilegeName => SeLoadDriverPrivilege |
SUCCESS | 0x00000001 | |
| 09:16:59,635 | 1636 | LookupPrivilegeValueW |
SystemName => PrivilegeName => SeUndockPrivilege |
SUCCESS | 0x00000001 | |
| 09:16:59,635 | 1636 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CM_Get_Device_Interface_List_ExW FunctionAddress => 0x7792a15c ModuleHandle => 0x77920000 |
SUCCESS | 0x00000000 | |
| 09:16:59,635 | 1636 | NtOpenFile |
ShareAccess => 3 FileName => IDE#CdRomVBOX_CD-ROM_____________________________1.0_____#42562d3231303037333036372020202020202020#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} DesiredAccess => 0x00100080 FileHandle => 0x000002a4 |
SUCCESS | 0x00000000 | 1 time |
| 09:16:59,645 | 1636 | DeviceIoControl |
DeviceHandle => 0x000002a4 OutBuffer => \x1c\x00\\x00D\x00e\x00v\x00i\x00c\x00e\x00\\x00C\x00d\x00R\x00o\x00m\x000\x00 IoControlCode => 5046280 InBuffer => |
SUCCESS | 0x00000001 | |
| 09:16:59,645 | 1636 | NtQueryInformationFile |
FileHandle => 0xffffffff FileInformation => \x00\x00\x00\x00\x84\xf1\xfb\x01x \x82|<\xfc\x81|\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x80\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\xdc\xf1\xfb\x01\xe4\xf3\xfb\x01\xe4\xf3\xfb\x01D\xf0\xfb\x01\x18\x00\x00\x00\x00\x00\x00\x00h\xef\xfb\x01@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb0\xc7$\x00h\xc3\x1f\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1c\x00 |
FAILURE | 3221225508 | |
| 09:16:59,645 | 1636 | NtCreateFile |
ShareAccess => 3 FileName => MountPointManager DesiredAccess => 0x00100080 CreateDisposition => 1 FileHandle => 0x000002a4 |
SUCCESS | 0x00000000 | |
| 09:16:59,645 | 1636 | DeviceIoControl |
DeviceHandle => 0x000002a4 OutBuffer => \xea\x01\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x18\x00\x00\x00\x1c\x00\x00\x00\\x00D\x00e\x00v\x00 IoControlCode => 7143432 InBuffer => \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x18\x00\x00\x00\x1c\x00\x00\x00\\x00D\x00e\x00v\x00i\x00c\x00e\x00\\x00C\x00d\x00R\x00o\x00m\x000\x00 |
FAILURE | 0x00000000 | |
| 09:16:59,645 | 1636 | DeviceIoControl |
DeviceHandle => 0x000002a4 OutBuffer => \xea\x01\x00\x00\x02\x00\x00\x00n\x01\x00\x00`\x00\x00\x008\x00\x00\x00\x1a\x01\x00\x00R\x01\x00\x00\x1c\x00v\x00\xce\x01\x00\x00\x1c\x00\\x008\x00\x00\x00\x1a\x01o\x00R\x01\x00\x00\x1c\x00\x00\x00\\x00?\x00?\x00\\x00I\x00D\x00E\x00#\x00C\x00d\x00R\x00o\x00m\x00V\x00B\x00O\x00X\x00_\x00C\x00D\x00-\x00R\x00O\x00M\x00_\x00_\x00_\x00_\x00_\x00_\x00_\x00_\x00_\x00_\x00_\x00_\x00_\x00_\x00_\x00_\x00_\x00_\x00_\x00_\x00_\x00_\x00_\x00_\x00_\x00_\x00_\x00_\x00_\x001\x00.\x000\x00_\x00_\x00_\x00_\x00_\x00#\x004\x002\x005\x006\x002\x00d\x003\x002\x003\x001\x003\x000\x003\x000\x003\x007\x003\x003\x003\x000\x003\x006\x003\x007\x002\x000\x002\x000\x002\x000\x002\x000\x002\x000\x002\x000\x002\x000\x00 IoControlCode => 7143432 InBuffer => \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x18\x00\x00\x00\x1c\x00\x00\x00\\x00D\x00e\x00v\x00i\x00c\x00e\x00\\x00C\x00d\x00R\x00o\x00m\x000\x00 |
SUCCESS | 0x00000001 | |
| 09:16:59,645 | 1636 | RegOpenKeyExW |
Handle => 0x000002a4 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume |
SUCCESS | 0x00000000 | |
| 09:16:59,645 | 1636 | RegOpenKeyExW |
Handle => 0x000002a8 Registry => 0x000002a4 SubKey => {e6c716a0-b561-11e1-9849-806d6172696f}\ |
SUCCESS | 0x00000000 | |
| 09:16:59,655 | 1636 | RegCloseKey |
Handle => 0x000002a4 |
SUCCESS | 0x00000000 | |
| 09:16:59,655 | 1636 | RegQueryValueExW |
Handle => 0x000002a8 Data => ValueName => Data |
SUCCESS | 0x00000000 | |
| 09:16:59,655 | 1636 | RegCloseKey |
Handle => 0x000002a8 |
SUCCESS | 0x00000000 | |
| 09:16:59,655 | 1636 | RegOpenKeyExW |
Handle => 0x000002a8 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume |
SUCCESS | 0x00000000 | |
| 09:16:59,655 | 1636 | RegOpenKeyExW |
Handle => 0x000002a4 Registry => 0x000002a8 SubKey => {e6c716a0-b561-11e1-9849-806d6172696f}\ |
SUCCESS | 0x00000000 | |
| 09:16:59,655 | 1636 | RegCloseKey |
Handle => 0x000002a8 |
SUCCESS | 0x00000000 | |
| 09:16:59,655 | 1636 | RegQueryValueExW |
Handle => 0x000002a4 Data => 1 ValueName => Generation |
SUCCESS | 0x00000000 | |
| 09:16:59,655 | 1636 | RegCloseKey |
Handle => 0x000002a4 |
SUCCESS | 0x00000000 | |
| 09:16:59,655 | 1636 | LdrGetProcedureAddress |
Ordinal => 334 FunctionName => FunctionAddress => 0x773e0f5a ModuleHandle => 0x773d0000 |
SUCCESS | 0x00000000 | |
| 09:16:59,655 | 1636 | NtOpenFile |
ShareAccess => 3 FileName => STORAGE#Volume#1&30a96598&0&SignatureC7EDC7EDOffset7E00Length27F4DB200#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} DesiredAccess => 0x00100080 FileHandle => 0x000002a4 |
SUCCESS | 0x00000000 | 1 time |
| 09:16:59,655 | 1636 | DeviceIoControl |
DeviceHandle => 0x000002a4 OutBuffer => .\x00\\x00D\x00e\x00v\x00i\x00c\x00e\x00\\x00H\x00a\x00r\x00d\x00d\x00i\x00s\x00k\x00V\x00o\x00l\x00u\x00m\x00e\x001\x00 IoControlCode => 5046280 InBuffer => |
SUCCESS | 0x00000001 | |
| 09:16:59,655 | 1636 | NtQueryInformationFile |
FileHandle => 0xffffffff FileInformation => \x00\x00\x00\x00\x84\xf1\xfb\x01x \x82|<\xfc\x81|\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x80\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\xdc\xf1\xfb\x01\xe4\xf3\xfb\x01\xe4\xf3\xfb\x01S\x00o\x00\x18\x00\x00\x00\x00\x00\x00\x00h\xef\xfb\x01@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xd8\xc7$\x00\xc8\x14 \x00\x00\x00\x00\x00\x00\x00\x00\x00.\x00 |
FAILURE | 3221225508 | |
| 09:16:59,655 | 1636 | NtCreateFile |
ShareAccess => 3 FileName => MountPointManager DesiredAccess => 0x00100080 CreateDisposition => 1 FileHandle => 0x000002a4 |
SUCCESS | 0x00000000 | |
| 09:16:59,655 | 1636 | DeviceIoControl |
DeviceHandle => 0x000002a4 OutBuffer => \xee\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x18\x00\x00\x00.\x00\x00\x00\\x00D\x00e\x00v\x00 IoControlCode => 7143432 InBuffer => \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x18\x00\x00\x00.\x00\x00\x00\\x00D\x00e\x00v\x00i\x00c\x00e\x00\\x00H\x00a\x00r\x00d\x00d\x00i\x00s\x00k\x00V\x00o\x00l\x00u\x00m\x00e\x001\x00 |
FAILURE | 0x00000000 | |
| 09:16:59,665 | 1636 | DeviceIoControl |
DeviceHandle => 0x000002a4 OutBuffer => \xee\x00\x00\x00\x02\x00\x00\x00r\x00\x00\x00`\x00\x00\x008\x00\x00\x00\x0c\x00\x00\x00D\x00\x00\x00.\x00v\x00\xd2\x00\x00\x00\x1c\x00\\x008\x00\x00\x00\x0c\x00d\x00D\x00\x00\x00.\x00k\x00\xed\xc7\xed\xc7\x00~\x00\x00\x00\x00\x00\x00\\x00D\x00e\x00v\x00i\x00c\x00e\x00\\x00H\x00a\x00r\x00d\x00d\x00i\x00s\x00k\x00V\x00o\x00l\x00u\x00m\x00e\x001\x00\\x00?\x00?\x00\\x00V\x00o\x00l\x00u\x00m\x00e\x00{\x00e\x006\x00c\x007\x001\x006\x00a\x002\x00-\x00b\x005\x006\x001\x00-\x001\x001\x00e\x001\x00-\x009\x008\x004\x009\x00-\x008\x000\x006\x00d\x006\x001\x007\x002\x006\x009\x006\x00f\x00}\x00\\x00D\x00o\x00s\x00D\x00e\x00v\x00i\x00c\x00e\x00s\x00\\x00C\x00:\x00 IoControlCode => 7143432 InBuffer => \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x18\x00\x00\x00.\x00\x00\x00\\x00D\x00e\x00v\x00i\x00c\x00e\x00\\x00H\x00a\x00r\x00d\x00d\x00i\x00s\x00k\x00V\x00o\x00l\x00u\x00m\x00e\x001\x00 |
SUCCESS | 0x00000001 | |
| 09:16:59,665 | 1636 | RegOpenKeyExW |
Handle => 0x000002a4 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume |
SUCCESS | 0x00000000 | |
| 09:16:59,665 | 1636 | RegOpenKeyExW |
Handle => 0x000002a8 Registry => 0x000002a4 SubKey => {e6c716a2-b561-11e1-9849-806d6172696f}\ |
SUCCESS | 0x00000000 | |
| 09:16:59,665 | 1636 | RegCloseKey |
Handle => 0x000002a4 |
SUCCESS | 0x00000000 | |
| 09:16:59,665 | 1636 | RegQueryValueExW |
Handle => 0x000002a8 Data => ValueName => Data |
SUCCESS | 0x00000000 | |
| 09:16:59,665 | 1636 | RegCloseKey |
Handle => 0x000002a8 |
SUCCESS | 0x00000000 | |
| 09:16:59,665 | 1636 | RegOpenKeyExW |
Handle => 0x000002a8 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume |
SUCCESS | 0x00000000 | |
| 09:16:59,665 | 1636 | RegOpenKeyExW |
Handle => 0x000002a4 Registry => 0x000002a8 SubKey => {e6c716a2-b561-11e1-9849-806d6172696f}\ |
SUCCESS | 0x00000000 | |
| 09:16:59,665 | 1636 | RegCloseKey |
Handle => 0x000002a8 |
SUCCESS | 0x00000000 | |
| 09:16:59,665 | 1636 | RegQueryValueExW |
Handle => 0x000002a4 Data => 1 ValueName => Generation |
SUCCESS | 0x00000000 | |
| 09:16:59,665 | 1636 | RegCloseKey |
Handle => 0x000002a4 |
SUCCESS | 0x00000000 | |
| 09:16:59,665 | 1636 | LdrGetProcedureAddress |
Ordinal => 332 FunctionName => FunctionAddress => 0x773e0df4 ModuleHandle => 0x773d0000 |
SUCCESS | 0x00000000 | |
| 09:16:59,675 | 1636 | NtQueryInformationFile |
FileHandle => 0xffffffff FileInformation => |
FAILURE | 3221225508 | |
| 09:16:59,675 | 1636 | NtCreateFile |
ShareAccess => 3 FileName => MountPointManager DesiredAccess => 0x00100080 CreateDisposition => 1 FileHandle => 0x000002a4 |
SUCCESS | 0x00000000 | |
| 09:16:59,675 | 1636 | DeviceIoControl |
DeviceHandle => 0x000002a4 OutBuffer => \x08\x00\x00\x00 IoControlCode => 7143476 InBuffer => `\x00\\x00?\x00?\x00\\x00V\x00o\x00l\x00u\x00m\x00e\x00{\x00e\x006\x00c\x007\x001\x006\x00a\x002\x00-\x00b\x005\x006\x001\x00-\x001\x001\x00e\x001\x00-\x009\x008\x004\x009\x00-\x008\x000\x006\x00d\x006\x001\x007\x002\x006\x009\x006\x00f\x00}\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 |
FAILURE | 0x00000000 | |
| 09:16:59,675 | 1636 | DeviceIoControl |
DeviceHandle => 0x000002a4 OutBuffer => \x08\x00\x00\x00C\x00:\x00\x00\x00\x00\x00 IoControlCode => 7143476 InBuffer => `\x00\\x00?\x00?\x00\\x00V\x00o\x00l\x00u\x00m\x00e\x00{\x00e\x006\x00c\x007\x001\x006\x00a\x002\x00-\x00b\x005\x006\x001\x00-\x001\x001\x00e\x001\x00-\x009\x008\x004\x009\x00-\x008\x000\x006\x00d\x006\x001\x007\x002\x006\x009\x006\x00f\x00}\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000001 | |
| 09:16:59,675 | 1636 | NtQueryInformationFile |
FileHandle => 0xffffffff FileInformation => \xbb\x01\x91|\x84\xf4\xfb\x01\x7f\x0e\x82|<\xfc\x81|\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x80\x00\x00\x00\xff\xff\xff\xff\xe0b\x1e\x00\xfc\x0c\x82|\x80~#\x00b\x00d\x00\xd8\x9b\x18\x00h\xfc\xfb\x01\xc0\x9a\x83|\xc0\xf4\xfb\x01\x18\x0e\xa0|\xd8\x9b\x18\x00\x80~#\x00\x05\x00\x00\x00\xb8\xf4\xfb\x01\x00\x00\x00\x00.\x93\x80|\x00\x00\x00\x00\x08\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00h\x15>w\x05\x00\x00\x00\x7fI\x00\x00\xd8\xf4\xfb\x01\x8e\x0c\xa0|\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\xf8\xf4\xfb\x01Y\x0b\xa0|\x00\x00\x00\x00\xa8\xf5\xbc|\x05@\x00\x80\\x00\x00\x00\x7fI\x00\x00\x7fI\x00\x00 \xf5\xfb\x01%\x0c\xa0|\x00\x00\x00\x00\xa8\xf5\xbc|\x00\x00\x00\x00h\xfc\xfb\x01\xdcF_w\xc8\xd4Ow\xff\xff\xff\xff\x7fI\x00\x00<\xf5\xfb\x01\xba\xa0\x9e|\x02\x00\x00\x00\x00\x00\x00\x00\xc02$\x00\x03\x00\x07\x80\xa4\xf5\xfb\x01p\xf5\xfb\x01 |
FAILURE | 3221225508 | |
| 09:16:59,675 | 1636 | NtCreateFile |
ShareAccess => 3 FileName => MountPointManager DesiredAccess => 0x00100080 CreateDisposition => 1 FileHandle => 0x000002a4 |
SUCCESS | 0x00000000 | |
| 09:16:59,675 | 1636 | DeviceIoControl |
DeviceHandle => 0x000002a4 OutBuffer => \x08\x00\x00\x00 IoControlCode => 7143476 InBuffer => `\x00\\x00?\x00?\x00\\x00V\x00o\x00l\x00u\x00m\x00e\x00{\x00e\x006\x00c\x007\x001\x006\x00a\x002\x00-\x00b\x005\x006\x001\x00-\x001\x001\x00e\x001\x00-\x009\x008\x004\x009\x00-\x008\x000\x006\x00d\x006\x001\x007\x002\x006\x009\x006\x00f\x00}\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 |
FAILURE | 0x00000000 | |
| 09:16:59,685 | 1636 | DeviceIoControl |
DeviceHandle => 0x000002a4 OutBuffer => \x08\x00\x00\x00C\x00:\x00\x00\x00\x00\x00 IoControlCode => 7143476 InBuffer => `\x00\\x00?\x00?\x00\\x00V\x00o\x00l\x00u\x00m\x00e\x00{\x00e\x006\x00c\x007\x001\x006\x00a\x002\x00-\x00b\x005\x006\x001\x00-\x001\x001\x00e\x001\x00-\x009\x008\x004\x009\x00-\x008\x000\x006\x00d\x006\x001\x007\x002\x006\x009\x006\x00f\x00}\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000001 | |
| 09:16:59,685 | 1636 | RegCreateKeyExW |
Handle => 0x000002a4 Access => 33554432 Registry => 0x80000001 Class => SubKey => Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e6c716a2-b561-11e1-9849-806d6172696f}\ |
SUCCESS | 0x00000000 | |
| 09:16:59,685 | 1636 | RegSetValueExW |
Handle => 0x000002a4 Buffer => D\x00r\x00i\x00v\x00e\x00\x00\x00 ValueName => BaseClass Type => 1 |
SUCCESS | 0x00000000 | |
| 09:16:59,685 | 1636 | RegCloseKey |
Handle => 0x000002a4 |
SUCCESS | 0x00000000 | |
| 09:16:59,685 | 1636 | NtQueryInformationFile |
FileHandle => 0xffffffff FileInformation => @\x00\x91|\x84\xf4\xfb\x01\x7f\x0e\x82|<\xfc\x81|\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x80\x00\x00\x00\xff\xff\xff\xff\x10b\x1e\x00\xfc\x0c\x82|\x80~#\x00b\x00d\x00h\x9b\x18\x00\x80~#\x00h\xfc\xfb\x01\xc0\xf4\xfb\x01\xde \xa0|h\x9b\x18\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb8\xf4\xfb\x01\x00\x00\x00\x00.\x93\x80|\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00h\x15>w\x05\x00\x00\x00\x7fI\x00\x00\xd8\xf4\xfb\x01\x8e\x0c\xa0|\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\xf8\xf4\xfb\x01Y\x0b\xa0|\x00\x00\x00\x00\xa8\xf5\xbc|\x05@\x00\x80\\x00\x00\x00\x7fI\x00\x00\x7fI\x00\x00 \xf5\xfb\x01%\x0c\xa0|\x00\x00\x00\x00\xa8\xf5\xbc|\x00\x00\x00\x00h\xfc\xfb\x01\xdcF_w\xc8\xd4Ow\xff\xff\xff\xff\x7fI\x00\x00<\xf5\xfb\x01\xba\xa0\x9e|\x02\x00\x00\x00\x00\x00\x00\x00\xc02$\x00\x03\x00\x07\x80\xa4\xf5\xfb\x01p\xf5\xfb\x01 |
FAILURE | 3221225508 | |
| 09:16:59,685 | 1636 | NtCreateFile |
ShareAccess => 3 FileName => MountPointManager DesiredAccess => 0x00100080 CreateDisposition => 1 FileHandle => 0x000002a4 |
SUCCESS | 0x00000000 | |
| 09:16:59,685 | 1636 | DeviceIoControl |
DeviceHandle => 0x000002a4 OutBuffer => \x08\x00\x00\x00 IoControlCode => 7143476 InBuffer => `\x00\\x00?\x00?\x00\\x00V\x00o\x00l\x00u\x00m\x00e\x00{\x00e\x006\x00c\x007\x001\x006\x00a\x000\x00-\x00b\x005\x006\x001\x00-\x001\x001\x00e\x001\x00-\x009\x008\x004\x009\x00-\x008\x000\x006\x00d\x006\x001\x007\x002\x006\x009\x006\x00f\x00}\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 |
FAILURE | 0x00000000 | |
| 09:16:59,695 | 1636 | DeviceIoControl |
DeviceHandle => 0x000002a4 OutBuffer => \x08\x00\x00\x00D\x00:\x00\x00\x00\x00\x00 IoControlCode => 7143476 InBuffer => `\x00\\x00?\x00?\x00\\x00V\x00o\x00l\x00u\x00m\x00e\x00{\x00e\x006\x00c\x007\x001\x006\x00a\x000\x00-\x00b\x005\x006\x001\x00-\x001\x001\x00e\x001\x00-\x009\x008\x004\x009\x00-\x008\x000\x006\x00d\x006\x001\x007\x002\x006\x009\x006\x00f\x00}\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000001 | |
| 09:16:59,695 | 1636 | NtQueryInformationFile |
FileHandle => 0xffffffff FileInformation => \xbb\x01\x91|\x84\xf4\xfb\x01\x7f\x0e\x82|<\xfc\x81|\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x80\x00\x00\x00\xff\xff\xff\xff\x10b\x1e\x00\xfc\x0c\x82|\x80~#\x00b\x00d\x00h\x9b\x18\x00h\xfc\xfb\x01\xc0\x9a\x83|\xc0\xf4\xfb\x01\x18\x0e\xa0|h\x9b\x18\x00\x80~#\x00\x05\x00\x00\x00\xb8\xf4\xfb\x01\x00\x00\x00\x00.\x93\x80|\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00h\x15>w\x05\x00\x00\x00\x7fI\x00\x00\xd8\xf4\xfb\x01\x8e\x0c\xa0|\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\xf8\xf4\xfb\x01Y\x0b\xa0|\x00\x00\x00\x00\xa8\xf5\xbc|\x05@\x00\x80\\x00\x00\x00\x7fI\x00\x00\x7fI\x00\x00 \xf5\xfb\x01%\x0c\xa0|\x00\x00\x00\x00\xa8\xf5\xbc|\x00\x00\x00\x00h\xfc\xfb\x01\xdcF_w\xc8\xd4Ow\xff\xff\xff\xff\x7fI\x00\x00<\xf5\xfb\x01\xba\xa0\x9e|\x02\x00\x00\x00\x00\x00\x00\x00\xc02$\x00\x03\x00\x07\x80\xa4\xf5\xfb\x01p\xf5\xfb\x01 |
FAILURE | 3221225508 | |
| 09:16:59,695 | 1636 | NtCreateFile |
ShareAccess => 3 FileName => MountPointManager DesiredAccess => 0x00100080 CreateDisposition => 1 FileHandle => 0x000002a4 |
SUCCESS | 0x00000000 | |
| 09:16:59,695 | 1636 | DeviceIoControl |
DeviceHandle => 0x000002a4 OutBuffer => \x08\x00\x00\x00 IoControlCode => 7143476 InBuffer => `\x00\\x00?\x00?\x00\\x00V\x00o\x00l\x00u\x00m\x00e\x00{\x00e\x006\x00c\x007\x001\x006\x00a\x000\x00-\x00b\x005\x006\x001\x00-\x001\x001\x00e\x001\x00-\x009\x008\x004\x009\x00-\x008\x000\x006\x00d\x006\x001\x007\x002\x006\x009\x006\x00f\x00}\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 |
FAILURE | 0x00000000 | |
| 09:16:59,695 | 1636 | DeviceIoControl |
DeviceHandle => 0x000002a4 OutBuffer => \x08\x00\x00\x00D\x00:\x00\x00\x00\x00\x00 IoControlCode => 7143476 InBuffer => `\x00\\x00?\x00?\x00\\x00V\x00o\x00l\x00u\x00m\x00e\x00{\x00e\x006\x00c\x007\x001\x006\x00a\x000\x00-\x00b\x005\x006\x001\x00-\x001\x001\x00e\x001\x00-\x009\x008\x004\x009\x00-\x008\x000\x006\x00d\x006\x001\x007\x002\x006\x009\x006\x00f\x00}\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000001 | |
| 09:16:59,695 | 1636 | RegCreateKeyExW |
Handle => 0x000002a4 Access => 33554432 Registry => 0x80000001 Class => SubKey => Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e6c716a0-b561-11e1-9849-806d6172696f}\ |
SUCCESS | 0x00000000 | |
| 09:16:59,695 | 1636 | RegSetValueExW |
Handle => 0x000002a4 Buffer => D\x00r\x00i\x00v\x00e\x00\x00\x00 ValueName => BaseClass Type => 1 |
SUCCESS | 0x00000000 | |
| 09:16:59,695 | 1636 | RegCloseKey |
Handle => 0x000002a4 |
SUCCESS | 0x00000000 | |
| 09:16:59,695 | 1636 | RegOpenKeyExW |
Handle => 0x000002a4 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume |
SUCCESS | 0x00000000 | |
| 09:16:59,695 | 1636 | RegOpenKeyExW |
Handle => 0x000002a8 Registry => 0x000002a4 SubKey => {e6c716a2-b561-11e1-9849-806d6172696f}\ |
SUCCESS | 0x00000000 | |
| 09:16:59,695 | 1636 | RegCloseKey |
Handle => 0x000002a4 |
SUCCESS | 0x00000000 | |
| 09:16:59,705 | 1636 | RegQueryValueExW |
Handle => 0x000002a8 Data => 1 ValueName => Generation |
SUCCESS | 0x00000000 | |
| 09:16:59,705 | 1636 | RegCloseKey |
Handle => 0x000002a8 |
SUCCESS | 0x00000000 | |
| 09:16:59,705 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings |
SUCCESS | 0x002432f8 | |
| 09:16:59,705 | 1636 | RegOpenKeyExW |
Handle => 0x000002aa Registry => 0x80000000 SubKey => Directory |
SUCCESS | 0x00000000 | |
| 09:16:59,705 | 1636 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x000002aa SubKey => CurVer |
FAILURE | 0x00000002 | |
| 09:16:59,705 | 1636 | RegOpenKeyExW |
Handle => 0x000002a6 Registry => 0x000002aa SubKey => |
SUCCESS | 0x00000000 | |
| 09:16:59,705 | 1636 | RegCloseKey |
Handle => 0x000002aa |
SUCCESS | 0x00000000 | |
| 09:16:59,705 | 1636 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x000002a6 SubKey => ShellEx\IconHandler |
FAILURE | 0x00000002 | |
| 09:16:59,715 | 1636 | RegQueryValueExW |
Handle => 0x000002a6 DataLength => 0 ValueName => DocObject Type => 0 |
FAILURE | 0x00000002 | |
| 09:16:59,715 | 1636 | RegQueryValueExW |
Handle => 0x000002a6 DataLength => 0 ValueName => BrowseInPlace Type => 0 |
FAILURE | 0x00000002 | |
| 09:16:59,715 | 1636 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x000002a6 SubKey => Clsid |
FAILURE | 0x00000002 | |
| 09:16:59,715 | 1636 | RegOpenKeyExW |
Handle => 0x000002aa Registry => 0x80000000 SubKey => Folder |
SUCCESS | 0x00000000 | |
| 09:16:59,715 | 1636 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x000002aa SubKey => Clsid |
FAILURE | 0x00000002 | |
| 09:16:59,715 | 1636 | RegQueryValueExW |
Handle => 0x000002a6 DataLength => 0 ValueName => IsShortcut Type => 0 |
FAILURE | 0x00000002 | |
| 09:16:59,715 | 1636 | RegQueryValueExW |
Handle => 0x000002a6 DataLength => 2 ValueName => AlwaysShowExt Type => 1 |
SUCCESS | 0x00000000 | |
| 09:16:59,715 | 1636 | RegQueryValueExW |
Handle => 0x000002a6 DataLength => 0 ValueName => NeverShowExt Type => 0 |
FAILURE | 0x00000002 | |
| 09:16:59,715 | 1636 | RegCloseKey |
Handle => 0x000002a6 |
SUCCESS | 0x00000000 | |
| 09:16:59,725 | 1636 | RegCloseKey |
Handle => 0x000002aa |
SUCCESS | 0x00000000 | |
| 09:16:59,725 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x002432f8 | |
| 09:16:59,725 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\My Documents |
SUCCESS | 0x002432f8 | |
| 09:16:59,725 | 1636 | LdrGetProcedureAddress |
Ordinal => 66 FunctionName => FunctionAddress => 0x7c9f063c ModuleHandle => 0x7c9c0000 |
SUCCESS | 0x00000000 | |
| 09:16:59,725 | 1636 | LdrGetProcedureAddress |
Ordinal => 100 FunctionName => FunctionAddress => 0x7c9ec059 ModuleHandle => 0x7c9c0000 |
SUCCESS | 0x00000000 | |
| 09:16:59,725 | 1636 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Microsoft\Windows\CurrentVersion\Policies\Explorer |
FAILURE | 0x00000002 | |
| 09:16:59,725 | 1636 | RegOpenKeyExW |
Handle => 0x000002a8 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Policies\Explorer |
SUCCESS | 0x00000000 | |
| 09:16:59,725 | 1636 | RegQueryValueExW |
Handle => 0x000002a8 DataLength => 4 ValueName => UseDesktopIniCache Type => 33282048 |
FAILURE | 0x00000002 | |
| 09:16:59,725 | 1636 | RegCloseKey |
Handle => 0x000002a8 |
SUCCESS | 0x00000000 | |
| 09:16:59,735 | 1636 | NtOpenFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\My Documents\desktop.ini DesiredAccess => 0x80100000 FileHandle => 0x000002a8 |
SUCCESS | 0x00000000 | |
| 09:16:59,735 | 1636 | NtQueryInformationFile |
FileHandle => 0x000002a8 FileInformation => P\x00\x00\x00\x00\x00\x00\x00J\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 09:16:59,735 | 1636 | NtReadFile |
Buffer => [DeleteOnCopy]
Owner=TDW
Personalized=5
PersonalizedName=My Documents
FileHandle => 0x000002a8 |
SUCCESS | 0x00000000 | |
| 09:16:59,735 | 1636 | NtFreeVirtualMemory |
FreeType => 0x00008000 ProcessHandle => 0xffffffff RegionSize => 0x00101000 BaseAddress => 0x01fc0000 |
SUCCESS | 0x00000000 | |
| 09:16:59,745 | 1636 | NtOpenFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\My Documents\desktop.ini DesiredAccess => 0x80100000 FileHandle => 0x000002a8 |
SUCCESS | 0x00000000 | |
| 09:16:59,745 | 1636 | NtQueryInformationFile |
FileHandle => 0x000002a8 FileInformation => P\x00\x00\x00\x00\x00\x00\x00J\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 09:16:59,745 | 1636 | NtReadFile |
Buffer => [DeleteOnCopy]
Owner=TDW
Personalized=5
PersonalizedName=My Documents
FileHandle => 0x000002a8 |
SUCCESS | 0x00000000 | |
| 09:16:59,745 | 1636 | NtFreeVirtualMemory |
FreeType => 0x00008000 ProcessHandle => 0xffffffff RegionSize => 0x00101000 BaseAddress => 0x01fc0000 |
SUCCESS | 0x00000000 | |
| 09:16:59,745 | 1636 | NtOpenFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\My Documents\desktop.ini DesiredAccess => 0x80100000 FileHandle => 0x000002a8 |
SUCCESS | 0x00000000 | |
| 09:16:59,755 | 1636 | NtQueryInformationFile |
FileHandle => 0x000002a8 FileInformation => P\x00\x00\x00\x00\x00\x00\x00J\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 09:16:59,755 | 1636 | NtReadFile |
Buffer => [DeleteOnCopy]
Owner=TDW
Personalized=5
PersonalizedName=My Documents
FileHandle => 0x000002a8 |
SUCCESS | 0x00000000 | |
| 09:16:59,755 | 1636 | NtFreeVirtualMemory |
FreeType => 0x00008000 ProcessHandle => 0xffffffff RegionSize => 0x00101000 BaseAddress => 0x01fc0000 |
SUCCESS | 0x00000000 | |
| 09:16:59,755 | 1636 | NtOpenFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\My Documents\desktop.ini DesiredAccess => 0x80100000 FileHandle => 0x000002a8 |
SUCCESS | 0x00000000 | |
| 09:16:59,755 | 1636 | NtQueryInformationFile |
FileHandle => 0x000002a8 FileInformation => P\x00\x00\x00\x00\x00\x00\x00J\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 09:16:59,755 | 1636 | NtReadFile |
Buffer => [DeleteOnCopy]
Owner=TDW
Personalized=5
PersonalizedName=My Documents
FileHandle => 0x000002a8 |
SUCCESS | 0x00000000 | |
| 09:16:59,755 | 1636 | NtFreeVirtualMemory |
FreeType => 0x00008000 ProcessHandle => 0xffffffff RegionSize => 0x00101000 BaseAddress => 0x01fc0000 |
SUCCESS | 0x00000000 | |
| 09:16:59,755 | 1636 | NtOpenFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\My Documents\desktop.ini DesiredAccess => 0x80100000 FileHandle => 0x000002a8 |
SUCCESS | 0x00000000 | |
| 09:16:59,755 | 1636 | NtQueryInformationFile |
FileHandle => 0x000002a8 FileInformation => P\x00\x00\x00\x00\x00\x00\x00J\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 09:16:59,755 | 1636 | NtReadFile |
Buffer => [DeleteOnCopy]
Owner=TDW
Personalized=5
PersonalizedName=My Documents
FileHandle => 0x000002a8 |
SUCCESS | 0x00000000 | |
| 09:16:59,755 | 1636 | NtFreeVirtualMemory |
FreeType => 0x00008000 ProcessHandle => 0xffffffff RegionSize => 0x00101000 BaseAddress => 0x01fc0000 |
SUCCESS | 0x00000000 | |
| 09:16:59,765 | 1636 | NtOpenFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\My Documents\desktop.ini DesiredAccess => 0x80100000 FileHandle => 0x000002a8 |
SUCCESS | 0x00000000 | |
| 09:16:59,765 | 1636 | NtQueryInformationFile |
FileHandle => 0x000002a8 FileInformation => P\x00\x00\x00\x00\x00\x00\x00J\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 09:16:59,765 | 1636 | NtReadFile |
Buffer => [DeleteOnCopy]
Owner=TDW
Personalized=5
PersonalizedName=My Documents
FileHandle => 0x000002a8 |
SUCCESS | 0x00000000 | |
| 09:16:59,765 | 1636 | NtFreeVirtualMemory |
FreeType => 0x00008000 ProcessHandle => 0xffffffff RegionSize => 0x00101000 BaseAddress => 0x01fc0000 |
SUCCESS | 0x00000000 | |
| 09:16:59,765 | 1636 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CoUninitialize FunctionAddress => 0x774fee46 ModuleHandle => 0x774e0000 |
SUCCESS | 0x00000000 | |
| 09:16:59,765 | 1636 | RegCreateKeyExW |
Handle => 0x000002a8 Access => 33554432 Registry => 0x80000002 Class => SubKey => Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders |
SUCCESS | 0x00000000 | |
| 09:16:59,765 | 1636 | RegQueryValueExW |
Handle => 0x000002a8 Data => %\x00A\x00L\x00L\x00U\x00S\x00E\x00R\x00S\x00P\x00R\x00O\x00F\x00I\x00L\x00E\x00%\x00\\x00D\x00o\x00c\x00u\x00m\x00e\x00n\x00t\x00s\x00\x00\x00 ValueName => Common Documents |
SUCCESS | 0x00000000 | |
| 09:16:59,765 | 1636 | RegCloseKey |
Handle => 0x000002a8 |
SUCCESS | 0x00000000 | |
| 09:16:59,765 | 1636 | RegCreateKeyExW |
Handle => 0x000002a8 Access => 33554432 Registry => 0x80000002 Class => SubKey => Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders |
SUCCESS | 0x00000000 | |
| 09:16:59,765 | 1636 | RegSetValueExW |
Handle => 0x000002a8 Buffer => C\x00:\x00\\x00D\x00o\x00c\x00u\x00m\x00e\x00n\x00t\x00s\x00 \x00a\x00n\x00d\x00 \x00S\x00e\x00t\x00t\x00i\x00n\x00g\x00s\x00\\x00A\x00l\x00l\x00 \x00U\x00s\x00e\x00r\x00s\x00\\x00D\x00o\x00c\x00u\x00m\x00e\x00n\x00t\x00s\x00\x00\x00 ValueName => Common Documents Type => 1 |
SUCCESS | 0x00000000 | |
| 09:16:59,775 | 1636 | RegCloseKey |
Handle => 0x000002a8 |
SUCCESS | 0x00000000 | |
| 09:16:59,775 | 1636 | RegOpenKeyExW |
Handle => 0x000002a8 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume |
SUCCESS | 0x00000000 | |
| 09:16:59,775 | 1636 | RegOpenKeyExW |
Handle => 0x000002a4 Registry => 0x000002a8 SubKey => {e6c716a2-b561-11e1-9849-806d6172696f}\ |
SUCCESS | 0x00000000 | |
| 09:16:59,775 | 1636 | RegCloseKey |
Handle => 0x000002a8 |
SUCCESS | 0x00000000 | |
| 09:16:59,775 | 1636 | RegQueryValueExW |
Handle => 0x000002a4 Data => 1 ValueName => Generation |
SUCCESS | 0x00000000 | |
| 09:16:59,775 | 1636 | RegCloseKey |
Handle => 0x000002a4 |
SUCCESS | 0x00000000 | |
| 09:16:59,775 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings |
SUCCESS | 0x00243368 | |
| 09:16:59,775 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\All Users |
SUCCESS | 0x00243368 | |
| 09:16:59,775 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\All Users\Documents |
SUCCESS | 0x00243368 | |
| 09:16:59,785 | 1636 | NtOpenFile |
ShareAccess => 7 FileName => C:\Documents and Settings\All Users\Documents\desktop.ini DesiredAccess => 0x80100000 FileHandle => 0x000002a4 |
SUCCESS | 0x00000000 | |
| 09:16:59,785 | 1636 | NtQueryInformationFile |
FileHandle => 0x000002a4 FileInformation => @\x00\x00\x00\x00\x00\x00\x00>\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 09:16:59,785 | 1636 | NtReadFile |
Buffer => [.ShellClassInfo]
LocalizedResourceName=@shell32.dll,-21785
FileHandle => 0x000002a4 |
SUCCESS | 0x00000000 | |
| 09:16:59,785 | 1636 | NtFreeVirtualMemory |
FreeType => 0x00008000 ProcessHandle => 0xffffffff RegionSize => 0x00101000 BaseAddress => 0x01fc0000 |
SUCCESS | 0x00000000 | |
| 09:16:59,785 | 1636 | NtOpenFile |
ShareAccess => 7 FileName => C:\Documents and Settings\All Users\Documents\desktop.ini DesiredAccess => 0x80100000 FileHandle => 0x000002a4 |
SUCCESS | 0x00000000 | |
| 09:16:59,785 | 1636 | NtQueryInformationFile |
FileHandle => 0x000002a4 FileInformation => @\x00\x00\x00\x00\x00\x00\x00>\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 09:16:59,785 | 1636 | NtReadFile |
Buffer => [.ShellClassInfo]
LocalizedResourceName=@shell32.dll,-21785
FileHandle => 0x000002a4 |
SUCCESS | 0x00000000 | |
| 09:16:59,785 | 1636 | NtFreeVirtualMemory |
FreeType => 0x00008000 ProcessHandle => 0xffffffff RegionSize => 0x00101000 BaseAddress => 0x01fc0000 |
SUCCESS | 0x00000000 | |
| 09:16:59,795 | 1636 | NtOpenFile |
ShareAccess => 7 FileName => C:\Documents and Settings\All Users\Documents\desktop.ini DesiredAccess => 0x80100000 FileHandle => 0x000002a4 |
SUCCESS | 0x00000000 | |
| 09:16:59,795 | 1636 | NtQueryInformationFile |
FileHandle => 0x000002a4 FileInformation => @\x00\x00\x00\x00\x00\x00\x00>\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 09:16:59,795 | 1636 | NtReadFile |
Buffer => [.ShellClassInfo]
LocalizedResourceName=@shell32.dll,-21785
FileHandle => 0x000002a4 |
SUCCESS | 0x00000000 | |
| 09:16:59,795 | 1636 | NtFreeVirtualMemory |
FreeType => 0x00008000 ProcessHandle => 0xffffffff RegionSize => 0x00101000 BaseAddress => 0x01fc0000 |
SUCCESS | 0x00000000 | |
| 09:16:59,795 | 1636 | RegCreateKeyExW |
Handle => 0x000002a4 Access => 33554432 Registry => 0x80000001 Class => SubKey => Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders |
SUCCESS | 0x00000000 | |
| 09:16:59,795 | 1636 | RegQueryValueExW |
Handle => 0x000002a4 Data => %\x00U\x00S\x00E\x00R\x00P\x00R\x00O\x00F\x00I\x00L\x00E\x00%\x00\\x00D\x00e\x00s\x00k\x00t\x00o\x00p\x00\x00\x00 ValueName => Desktop |
SUCCESS | 0x00000000 | |
| 09:16:59,795 | 1636 | RegCloseKey |
Handle => 0x000002a4 |
SUCCESS | 0x00000000 | |
| 09:16:59,795 | 1636 | RegCreateKeyExW |
Handle => 0x000002a4 Access => 33554432 Registry => 0x80000001 Class => SubKey => Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders |
SUCCESS | 0x00000000 | |
| 09:16:59,795 | 1636 | RegSetValueExW |
Handle => 0x000002a4 Buffer => C\x00:\x00\\x00D\x00o\x00c\x00u\x00m\x00e\x00n\x00t\x00s\x00 \x00a\x00n\x00d\x00 \x00S\x00e\x00t\x00t\x00i\x00n\x00g\x00s\x00\\x00T\x00D\x00W\x00\\x00D\x00e\x00s\x00k\x00t\x00o\x00p\x00\x00\x00 ValueName => Desktop Type => 1 |
SUCCESS | 0x00000000 | |
| 09:16:59,795 | 1636 | RegCloseKey |
Handle => 0x000002a4 |
SUCCESS | 0x00000000 | |
| 09:16:59,795 | 1636 | RegOpenKeyExW |
Handle => 0x000002a4 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume |
SUCCESS | 0x00000000 | |
| 09:16:59,795 | 1636 | RegOpenKeyExW |
Handle => 0x000002a8 Registry => 0x000002a4 SubKey => {e6c716a2-b561-11e1-9849-806d6172696f}\ |
SUCCESS | 0x00000000 | |
| 09:16:59,795 | 1636 | RegCloseKey |
Handle => 0x000002a4 |
SUCCESS | 0x00000000 | |
| 09:16:59,795 | 1636 | RegQueryValueExW |
Handle => 0x000002a8 Data => 1 ValueName => Generation |
SUCCESS | 0x00000000 | |
| 09:16:59,795 | 1636 | RegCloseKey |
Handle => 0x000002a8 |
SUCCESS | 0x00000000 | |
| 09:16:59,795 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings |
SUCCESS | 0x002432f8 | |
| 09:16:59,795 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x002432f8 | |
| 09:16:59,795 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Desktop |
SUCCESS | 0x002432f8 | |
| 09:16:59,795 | 1636 | RegCreateKeyExW |
Handle => 0x000002a8 Access => 33554432 Registry => 0x80000002 Class => SubKey => Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders |
SUCCESS | 0x00000000 | |
| 09:16:59,795 | 1636 | RegQueryValueExW |
Handle => 0x000002a8 Data => %\x00A\x00L\x00L\x00U\x00S\x00E\x00R\x00S\x00P\x00R\x00O\x00F\x00I\x00L\x00E\x00%\x00\\x00D\x00e\x00s\x00k\x00t\x00o\x00p\x00\x00\x00 ValueName => Common Desktop |
SUCCESS | 0x00000000 | |
| 09:16:59,795 | 1636 | RegCloseKey |
Handle => 0x000002a8 |
SUCCESS | 0x00000000 | |
| 09:16:59,795 | 1636 | RegCreateKeyExW |
Handle => 0x000002a8 Access => 33554432 Registry => 0x80000002 Class => SubKey => Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders |
SUCCESS | 0x00000000 | |
| 09:16:59,795 | 1636 | RegSetValueExW |
Handle => 0x000002a8 Buffer => C\x00:\x00\\x00D\x00o\x00c\x00u\x00m\x00e\x00n\x00t\x00s\x00 \x00a\x00n\x00d\x00 \x00S\x00e\x00t\x00t\x00i\x00n\x00g\x00s\x00\\x00A\x00l\x00l\x00 \x00U\x00s\x00e\x00r\x00s\x00\\x00D\x00e\x00s\x00k\x00t\x00o\x00p\x00\x00\x00 ValueName => Common Desktop Type => 1 |
SUCCESS | 0x00000000 | |
| 09:16:59,795 | 1636 | RegCloseKey |
Handle => 0x000002a8 |
SUCCESS | 0x00000000 | |
| 09:16:59,795 | 1636 | RegOpenKeyExW |
Handle => 0x000002a8 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume |
SUCCESS | 0x00000000 | |
| 09:16:59,795 | 1636 | RegOpenKeyExW |
Handle => 0x000002a4 Registry => 0x000002a8 SubKey => {e6c716a2-b561-11e1-9849-806d6172696f}\ |
SUCCESS | 0x00000000 | |
| 09:16:59,795 | 1636 | RegCloseKey |
Handle => 0x000002a8 |
SUCCESS | 0x00000000 | |
| 09:16:59,795 | 1636 | RegQueryValueExW |
Handle => 0x000002a4 Data => 1 ValueName => Generation |
SUCCESS | 0x00000000 | |
| 09:16:59,795 | 1636 | RegCloseKey |
Handle => 0x000002a4 |
SUCCESS | 0x00000000 | |
| 09:16:59,795 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings |
SUCCESS | 0x00243368 | |
| 09:16:59,795 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\All Users |
SUCCESS | 0x00243368 | |
| 09:16:59,795 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\All Users\Desktop |
SUCCESS | 0x00243368 | |
| 09:16:59,805 | 1636 | RegOpenKeyExW |
Handle => 0x000002a4 Registry => 0x80000002 SubKey => Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks |
SUCCESS | 0x00000000 | |
| 09:16:59,805 | 1636 | RegEnumValueW |
Index => 0 Handle => 0x000002a4 DataLength => 0 ValueName => {AEB6717E-7E19-11d0-97EE-00C04FD91972} Type => 1 |
SUCCESS | 0x00000000 | |
| 09:16:59,805 | 1636 | RegOpenKeyExW |
Handle => 0x000002aa Registry => 0x80000000 SubKey => CLSID\{AEB6717E-7E19-11D0-97EE-00C04FD91972}\InProcServer32 |
SUCCESS | 0x00000000 | |
| 09:16:59,805 | 1636 | RegQueryValueExW |
Handle => 0x000002aa Data => s\x00h\x00e\x00l\x00l\x003\x002\x00.\x00d\x00l\x00l\x00\x00\x00 ValueName => |
SUCCESS | 0x00000000 | |
| 09:16:59,805 | 1636 | RegQueryValueExW |
Handle => 0x000002aa DataLength => 0 ValueName => LoadWithoutCOM Type => 0 |
FAILURE | 0x00000002 | |
| 09:16:59,805 | 1636 | RegCloseKey |
Handle => 0x000002aa |
SUCCESS | 0x00000000 | |
| 09:16:59,805 | 1636 | RegEnumValueW |
Index => 1 Handle => 0x000002a4 DataLength => 0 ValueName => {AEB6717E-7E19-11d0-97EE-00C04FD91972} Type => 33290996 |
FAILURE | 0x00000103 | |
| 09:16:59,805 | 1636 | RegCloseKey |
Handle => 0x000002a4 |
SUCCESS | 0x00000000 | |
| 09:16:59,805 | 1636 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Microsoft\Windows\CurrentVersion\Policies\Associations |
FAILURE | 0x00000002 | |
| 09:16:59,805 | 1636 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Policies\Associations |
FAILURE | 0x00000002 | |
| 09:16:59,805 | 1636 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Microsoft\Windows\CurrentVersion\Policies\Associations |
FAILURE | 0x00000002 | |
| 09:16:59,805 | 1636 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Policies\Associations |
FAILURE | 0x00000002 | |
| 09:16:59,805 | 1636 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Microsoft\Windows\CurrentVersion\Policies\Associations |
FAILURE | 0x00000002 | |
| 09:16:59,805 | 1636 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Policies\Associations |
FAILURE | 0x00000002 | |
| 09:16:59,805 | 1636 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Microsoft\Windows\CurrentVersion\Policies\Associations |
FAILURE | 0x00000002 | |
| 09:16:59,805 | 1636 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Policies\Associations |
FAILURE | 0x00000002 | |
| 09:16:59,805 | 1636 | RegOpenKeyExW |
Handle => 0x000002a6 Registry => 0x80000000 SubKey => .exe |
SUCCESS | 0x00000000 | |
| 09:16:59,805 | 1636 | RegQueryValueExW |
Handle => 0x000002a6 Data => e\x00x\x00e\x00f\x00i\x00l\x00e\x00\x00\x00 ValueName => |
SUCCESS | 0x00000000 | |
| 09:16:59,805 | 1636 | RegCloseKey |
Handle => 0x000002a6 |
SUCCESS | 0x00000000 | |
| 09:16:59,805 | 1636 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000000 SubKey => .ade |
FAILURE | 0x00000002 | |
| 09:16:59,805 | 1636 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000000 SubKey => .adp |
FAILURE | 0x00000002 | |
| 09:16:59,805 | 1636 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000000 SubKey => .app |
FAILURE | 0x00000002 | |
| 09:16:59,805 | 1636 | RegOpenKeyExW |
Handle => 0x000002a6 Registry => 0x80000000 SubKey => .asp |
SUCCESS | 0x00000000 | |
| 09:16:59,805 | 1636 | RegQueryValueExW |
Handle => 0x000002a6 Data => a\x00s\x00p\x00f\x00i\x00l\x00e\x00\x00\x00 ValueName => |
SUCCESS | 0x00000000 | |
| 09:16:59,805 | 1636 | RegCloseKey |
Handle => 0x000002a6 |
SUCCESS | 0x00000000 | |
| 09:16:59,805 | 1636 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000000 SubKey => .bas |
FAILURE | 0x00000002 | |
| 09:16:59,805 | 1636 | RegOpenKeyExW |
Handle => 0x000002a6 Registry => 0x80000000 SubKey => .bat |
SUCCESS | 0x00000000 | |
| 09:16:59,805 | 1636 | RegQueryValueExW |
Handle => 0x000002a6 Data => b\x00a\x00t\x00f\x00i\x00l\x00e\x00\x00\x00 ValueName => |
SUCCESS | 0x00000000 | |
| 09:16:59,805 | 1636 | RegCloseKey |
Handle => 0x000002a6 |
SUCCESS | 0x00000000 | |
| 09:16:59,805 | 1636 | RegOpenKeyExW |
Handle => 0x000002a6 Registry => 0x80000000 SubKey => .cer |
SUCCESS | 0x00000000 | |
| 09:16:59,805 | 1636 | RegQueryValueExW |
Handle => 0x000002a6 Data => C\x00E\x00R\x00F\x00i\x00l\x00e\x00\x00\x00 ValueName => |
SUCCESS | 0x00000000 | |
| 09:16:59,805 | 1636 | RegCloseKey |
Handle => 0x000002a6 |
SUCCESS | 0x00000000 | |
| 09:16:59,805 | 1636 | RegOpenKeyExW |
Handle => 0x000002a6 Registry => 0x80000000 SubKey => .chm |
SUCCESS | 0x00000000 | |
| 09:16:59,805 | 1636 | RegQueryValueExW |
Handle => 0x000002a6 Data => c\x00h\x00m\x00.\x00f\x00i\x00l\x00e\x00\x00\x00 ValueName => |
SUCCESS | 0x00000000 | |
| 09:16:59,805 | 1636 | RegCloseKey |
Handle => 0x000002a6 |
SUCCESS | 0x00000000 | |
| 09:16:59,805 | 1636 | RegOpenKeyExW |
Handle => 0x000002a6 Registry => 0x80000000 SubKey => .cmd |
SUCCESS | 0x00000000 | |
| 09:16:59,805 | 1636 | RegQueryValueExW |
Handle => 0x000002a6 Data => c\x00m\x00d\x00f\x00i\x00l\x00e\x00\x00\x00 ValueName => |
SUCCESS | 0x00000000 | |
| 09:16:59,805 | 1636 | RegCloseKey |
Handle => 0x000002a6 |
SUCCESS | 0x00000000 | |
| 09:16:59,805 | 1636 | RegOpenKeyExW |
Handle => 0x000002a6 Registry => 0x80000000 SubKey => .com |
SUCCESS | 0x00000000 | |
| 09:16:59,805 | 1636 | RegQueryValueExW |
Handle => 0x000002a6 Data => c\x00o\x00m\x00f\x00i\x00l\x00e\x00\x00\x00 ValueName => |
SUCCESS | 0x00000000 | |
| 09:16:59,805 | 1636 | RegCloseKey |
Handle => 0x000002a6 |
SUCCESS | 0x00000000 | |
| 09:16:59,805 | 1636 | RegOpenKeyExW |
Handle => 0x000002a6 Registry => 0x80000000 SubKey => .cpl |
SUCCESS | 0x00000000 | |
| 09:16:59,805 | 1636 | RegQueryValueExW |
Handle => 0x000002a6 Data => c\x00p\x00l\x00f\x00i\x00l\x00e\x00\x00\x00 ValueName => |
SUCCESS | 0x00000000 | |
| 09:16:59,805 | 1636 | RegCloseKey |
Handle => 0x000002a6 |
SUCCESS | 0x00000000 | |
| 09:16:59,805 | 1636 | RegOpenKeyExW |
Handle => 0x000002a6 Registry => 0x80000000 SubKey => .crt |
SUCCESS | 0x00000000 | |
| 09:16:59,805 | 1636 | RegQueryValueExW |
Handle => 0x000002a6 Data => C\x00E\x00R\x00F\x00i\x00l\x00e\x00\x00\x00 ValueName => |
SUCCESS | 0x00000000 | |
| 09:16:59,805 | 1636 | RegCloseKey |
Handle => 0x000002a6 |
SUCCESS | 0x00000000 | |
| 09:16:59,805 | 1636 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000000 SubKey => .csh |
FAILURE | 0x00000002 | |
| 09:16:59,815 | 1636 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CoGetClassObject FunctionAddress => 0x775156c5 ModuleHandle => 0x774e0000 |
SUCCESS | 0x00000000 | |
| 09:16:59,815 | 1636 | RegOpenKeyExW |
Handle => 0x000002a4 Registry => 0x80000002 SubKey => Software\Microsoft\COM3 |
SUCCESS | 0x00000000 | |
| 09:16:59,815 | 1636 | RegQueryValueExW |
Handle => 0x000002a4 Data => 1 ValueName => Com+Enabled |
SUCCESS | 0x00000000 | |
| 09:16:59,815 | 1636 | RegCloseKey |
Handle => 0x000002a4 |
SUCCESS | 0x00000000 | |
| 09:16:59,825 | 1636 | LdrLoadDll |
Flags => 33290296 BaseAddress => 0x76fd0000 FileName => CLBCATQ.DLL |
SUCCESS | 0x00000000 | |
| 09:16:59,825 | 1636 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => GetCatalogObject FunctionAddress => 0x76fd3f78 ModuleHandle => 0x76fd0000 |
SUCCESS | 0x00000000 | |
| 09:16:59,825 | 1636 | RegOpenKeyExW |
Handle => 0x000002a4 Registry => 0x80000002 SubKey => Software\Microsoft\COM3 |
SUCCESS | 0x00000000 | |
| 09:16:59,825 | 1636 | RegQueryValueExW |
Handle => 0x000002a4 Data => 1 ValueName => Com+Enabled |
SUCCESS | 0x00000000 | |
| 09:16:59,845 | 1636 | RegCloseKey |
Handle => 0x000002a4 |
SUCCESS | 0x00000000 | |
| 09:16:59,845 | 1636 | LdrLoadDll |
Flags => 33290296 BaseAddress => 0x76fd0000 FileName => CLBCATQ.DLL |
SUCCESS | 0x00000000 | |
| 09:16:59,845 | 1636 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => GetCatalogObject2 FunctionAddress => 0x76fd4017 ModuleHandle => 0x76fd0000 |
SUCCESS | 0x00000000 | |
| 09:16:59,845 | 1636 | LdrGetDllHandle |
ModuleHandle => 0x774e0000 FileName => ole32.dll |
SUCCESS | 0x00000000 | |
| 09:16:59,845 | 1636 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CLSIDFromOle1Class FunctionAddress => 0x775188b9 ModuleHandle => 0x774e0000 |
SUCCESS | 0x00000000 | |
| 09:16:59,845 | 1636 | NtOpenKey |
DesiredAccess => 33554432 KeyHandle => 0x000002a8 ObjectAttributes => \Registry\User\S-1-5-21-1935655697-1606980848-1060284298-1003_Classes |
SUCCESS | 0x00000000 | |
| 09:16:59,845 | 1636 | RegOpenKeyExW |
Handle => 0x000002a4 Registry => 0x80000002 SubKey => Software\Classes |
SUCCESS | 0x00000000 | |
| 09:16:59,845 | 1636 | RegOpenKeyExW |
Handle => 0x000002b0 Registry => 0x80000002 SubKey => Software\Microsoft\COM3 |
SUCCESS | 0x00000000 | |
| 09:16:59,855 | 1636 | NtOpenKey |
DesiredAccess => 16 KeyHandle => 0x000002b8 ObjectAttributes => \REGISTRY\USER |
SUCCESS | 0x00000000 | |
| 09:16:59,855 | 1636 | RegOpenKeyExW |
Handle => 0x000002c0 Registry => 0x80000002 SubKey => Software\Classes |
SUCCESS | 0x00000000 | |
| 09:16:59,855 | 1636 | NtOpenKey |
DesiredAccess => 16 KeyHandle => 0x000002c8 ObjectAttributes => \REGISTRY\USER |
SUCCESS | 0x00000000 | |
| 09:16:59,855 | 1636 | RegOpenKeyExW |
Handle => 0x000002d0 Registry => 0x80000002 SubKey => Software\Microsoft\COM3 |
SUCCESS | 0x00000000 | |
| 09:16:59,855 | 1636 | RegOpenKeyExW |
Handle => 0x000002d8 Registry => 0x80000002 SubKey => Software\Microsoft\COM3 |
SUCCESS | 0x00000000 | |
| 09:16:59,855 | 1636 | RegOpenKeyExW |
Handle => 0x000002e0 Registry => 0x80000002 SubKey => Software\Classes\CLSID |
SUCCESS | 0x00000000 | |
| 09:16:59,855 | 1636 | RegOpenKeyExW |
Handle => 0x000002e8 Registry => 0x80000002 SubKey => Software\Classes |
SUCCESS | 0x00000000 | |
| 09:16:59,855 | 1636 | RegOpenKeyExW |
Handle => 0x000002f0 Registry => 0x80000002 SubKey => Software\Microsoft\COM3 |
SUCCESS | 0x00000000 | |
| 09:16:59,865 | 1636 | NtOpenKey |
DesiredAccess => 16 KeyHandle => 0x000002f8 ObjectAttributes => \REGISTRY\USER |
SUCCESS | 0x00000000 | |
| 09:16:59,865 | 1636 | RegOpenKeyExW |
Handle => 0x00000300 Registry => 0x80000002 SubKey => Software\Microsoft\COM3 |
SUCCESS | 0x00000000 | |
| 09:16:59,865 | 1636 | RegOpenKeyExW |
Handle => 0x00000308 Registry => 0x80000002 SubKey => Software\Microsoft\COM3 |
SUCCESS | 0x00000000 | |
| 09:16:59,865 | 1636 | RegOpenKeyExW |
Handle => 0x00000310 Registry => 0x80000002 SubKey => Software\Classes\CLSID |
SUCCESS | 0x00000000 | |
| 09:16:59,875 | 1636 | RegOpenKeyExW |
Handle => 0x00000318 Registry => 0x80000002 SubKey => Software\Microsoft\COM3 |
SUCCESS | 0x00000000 | |
| 09:16:59,875 | 1636 | RegQueryValueExW |
Handle => 0x00000318 Data => ValueName => REGDBVersion |
SUCCESS | 0x00000000 | |
| 09:16:59,875 | 1636 | RegCloseKey |
Handle => 0x00000318 |
SUCCESS | 0x00000000 | |
| 09:16:59,875 | 1636 | LdrGetDllHandle |
ModuleHandle => 0x7c800000 FileName => KERNEL32.DLL |
SUCCESS | 0x00000000 | |
| 09:16:59,875 | 1636 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => InitializeCriticalSectionAndSpinCount FunctionAddress => 0x7c80b8b9 ModuleHandle => 0x7c800000 |
SUCCESS | 0x00000000 | |
| 09:16:59,875 | 1636 | NtCreateFile |
ShareAccess => 1 FileName => C:\WINDOWS\Registration\R000000000007.clb DesiredAccess => 0x80100080 CreateDisposition => 1 FileHandle => 0x00000318 |
SUCCESS | 0x00000000 | |
| 09:16:59,875 | 1636 | NtQueryInformationFile |
FileHandle => 0x00000318 FileInformation => \x00`\x00\x00\x00\x00\x00\x00\xf0W\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 09:16:59,875 | 1636 | NtSetInformationFile |
FileHandle => 0x00000318 FileInformation => |
SUCCESS | 0x00000000 | 1 time |
| 09:16:59,875 | 1636 | NtReadFile |
Buffer => COM+\x01\x00\x00\x00\x01\x00\x12\x00$\x00\x00\x00\x00\x01\x01\x00c\x00\x00\x00\x00\x00\x00\x01\x01\x00\x00\x00\x00\x01\x10\x00\x00\x00\x00\x00\xc0\x00\x00\x00\x00\x00\x00F\x0e\x00\x00\x000\x01\x00\x00\xa0\x03\x00\x003_0\x00\xd0\x04\x00\x00\x0c\x00\x00\x003_1\x00\xdc\x04\x00\x00\x88\x02\x00\x003_2\x00d\x07\x00\x00<\x00\x00\x003_3\x00\xa0\x07\x00\x00\x90\x08\x00\x003_4\x000\x10\x00\x00(\x00\x00\x003_5\x00X\x10\x00\x00(\x00\x00\x003_6\x00\x80\x10\x00\x00(\x00\x00\x003_7\x00\xa8\x10\x00\x00\x88\x10\x00\x003_8\x000!\x00\x00\xa8 \x00\x003_9\x00\xd8*\x00\x00<\x04\x00\x003_10\x00\x00\x00\x00\x14/\x00\x00\x0c\x01\x00\x003_11\x00\x00\x00\x00 0\x00\x00\x1c\x00\x00\x003_12\x00\x00\x00\x00<0\x00\x00\x14\x00\x00\x003_16\x00\x00\x00\x00P0\x00\x00\x90\x0e\x00\x00#Schema\x00\xe0>\x00\x00 FileHandle => 0x00000318 |
SUCCESS | 0x00000000 | |
| 09:16:59,875 | 1636 | RegOpenKeyExW |
Handle => 0x00000318 Registry => 0x80000002 SubKey => Software\Microsoft\COM3 |
SUCCESS | 0x00000000 | |
| 09:16:59,885 | 1636 | RegQueryValueExW |
Handle => 0x00000318 Data => ValueName => REGDBVersion |
SUCCESS | 0x00000000 | |
| 09:16:59,885 | 1636 | RegCloseKey |
Handle => 0x00000318 |
SUCCESS | 0x00000000 | |
| 09:16:59,885 | 1636 | RegOpenKeyExW |
Handle => 0x0000031a Registry => 0x000002aa SubKey => CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4} |
SUCCESS | 0x00000000 | |
| 09:16:59,885 | 1636 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x0000031a SubKey => TreatAs |
FAILURE | 0x00000002 | |
| 09:16:59,885 | 1636 | RegOpenKeyExW |
Handle => 0x0000031e Registry => 0x000002aa SubKey => |
SUCCESS | 0x00000000 | |
| 09:16:59,885 | 1636 | RegCloseKey |
Handle => 0x0000031a |
SUCCESS | 0x00000000 | |
| 09:16:59,885 | 1636 | RegOpenKeyExW |
Handle => 0x0000031a Registry => 0x0000031e SubKey => CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4} |
SUCCESS | 0x00000000 | |
| 09:16:59,885 | 1636 | RegOpenKeyExW |
Handle => 0x00000322 Registry => 0x0000031a SubKey => InprocServer32 |
SUCCESS | 0x00000000 | |
| 09:16:59,885 | 1636 | RegQueryValueExW |
Handle => 0x00000322 DataLength => 1000 ValueName => InprocServer32 Type => 33357920 |
FAILURE | 0x00000002 | |
| 09:16:59,895 | 1636 | RegCloseKey |
Handle => 0x00000322 |
SUCCESS | 0x00000000 | |
| 09:16:59,895 | 1636 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x0000031a SubKey => InprocServerX86 |
FAILURE | 0x00000002 | |
| 09:16:59,895 | 1636 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x0000031a SubKey => LocalServer32 |
FAILURE | 0x00000002 | |
| 09:16:59,895 | 1636 | RegOpenKeyExW |
Handle => 0x00000322 Registry => 0x0000031a SubKey => InprocServer32 |
SUCCESS | 0x00000000 | |
| 09:16:59,895 | 1636 | RegQueryValueExW |
Handle => 0x00000322 Data => C\x00:\x00\\x00W\x00I\x00N\x00D\x00O\x00W\x00S\x00\\x00s\x00y\x00s\x00t\x00e\x00m\x003\x002\x00\\x00u\x00r\x00l\x00m\x00o\x00n\x00.\x00d\x00l\x00l\x00\x00\x00 ValueName => |
SUCCESS | 0x00000000 | |
| 09:16:59,895 | 1636 | RegCloseKey |
Handle => 0x00000322 |
SUCCESS | 0x00000000 | |
| 09:16:59,895 | 1636 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x0000031a SubKey => InprocHandler32 |
FAILURE | 0x00000002 | |
| 09:16:59,895 | 1636 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x0000031a SubKey => InprocHandlerX86 |
FAILURE | 0x00000002 | |
| 09:16:59,895 | 1636 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x0000031a SubKey => LocalServer32 |
FAILURE | 0x00000002 | |
| 09:16:59,895 | 1636 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x0000031a SubKey => LocalServer |
FAILURE | 0x00000002 | |
| 09:16:59,895 | 1636 | RegOpenKeyExW |
Handle => 0x00000322 Registry => 0x0000031e SubKey => CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4} |
SUCCESS | 0x00000000 | |
| 09:16:59,895 | 1636 | RegQueryValueExW |
Handle => 0x00000322 DataLength => 100 ValueName => AppID Type => 33290088 |
FAILURE | 0x00000002 | |
| 09:16:59,895 | 1636 | RegCloseKey |
Handle => 0x00000322 |
SUCCESS | 0x00000000 | |
| 09:16:59,895 | 1636 | RegCloseKey |
Handle => 0x0000031a |
SUCCESS | 0x00000000 | |
| 09:16:59,895 | 1636 | RegOpenKeyExW |
Handle => 0x0000031a Registry => 0x0000031e SubKey => CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4} |
SUCCESS | 0x00000000 | |
| 09:16:59,895 | 1636 | RegOpenKeyExW |
Handle => 0x00000322 Registry => 0x0000031a SubKey => InprocServer32 |
SUCCESS | 0x00000000 | |
| 09:16:59,895 | 1636 | RegQueryValueExW |
Handle => 0x00000322 Data => B\x00o\x00t\x00h\x00\x00\x00 ValueName => ThreadingModel |
SUCCESS | 0x00000000 | |
| 09:16:59,895 | 1636 | RegCloseKey |
Handle => 0x00000322 |
SUCCESS | 0x00000000 | |
| 09:16:59,895 | 1636 | RegCloseKey |
Handle => 0x0000031a |
SUCCESS | 0x00000000 | |
| 09:16:59,895 | 1636 | RegOpenKeyExW |
Handle => 0x0000031a Registry => 0x80000000 SubKey => CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4} |
SUCCESS | 0x00000000 | |
| 09:16:59,895 | 1636 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x0000031a SubKey => TreatAs |
FAILURE | 0x00000002 | |
| 09:16:59,895 | 1636 | RegCloseKey |
Handle => 0x0000031a |
SUCCESS | 0x00000000 | |
| 09:16:59,955 | 1636 | LdrLoadDll |
Flags => 33286968 BaseAddress => 0x7e1e0000 FileName => C:\WINDOWS\system32\urlmon.dll |
SUCCESS | 0x00000000 | |
| 09:16:59,955 | 1636 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => DllGetClassObject FunctionAddress => 0x7e1e603a ModuleHandle => 0x7e1e0000 |
SUCCESS | 0x00000000 | |
| 09:16:59,955 | 1636 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => DllCanUnloadNow FunctionAddress => 0x7e1e2eec ModuleHandle => 0x7e1e0000 |
SUCCESS | 0x00000000 | |
| 09:16:59,955 | 1636 | RegOpenKeyExA |
Handle => 0x0000032a Registry => 0x80000000 SubKey => CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InProcServer32 |
SUCCESS | 0x00000000 | |
| 09:16:59,955 | 1636 | RegQueryValueExW |
Handle => 0x0000032a Data => C\x00:\x00\\x00W\x00I\x00N\x00D\x00O\x00W\x00S\x00\\x00s\x00y\x00s\x00t\x00e\x00m\x003\x002\x00\\x00u\x00r\x00l\x00m\x00o\x00n\x00.\x00d\x00l\x00l\x00\x00\x00 ValueName => |
SUCCESS | 0x00000000 | |
| 09:16:59,955 | 1636 | LdrLoadDll |
Flags => 33289640 BaseAddress => 0x7e1e0000 FileName => C:\WINDOWS\system32\urlmon.dll |
SUCCESS | 0x00000000 | |
| 09:16:59,955 | 1636 | RegCloseKey |
Handle => 0x0000032a |
SUCCESS | 0x00000000 | |
| 09:16:59,955 | 1636 | RegOpenKeyExA |
Handle => 0x00000328 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ |
SUCCESS | 0x00000000 | |
| 09:16:59,965 | 1636 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ |
FAILURE | 0x00000002 | |
| 09:16:59,965 | 1636 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ |
FAILURE | 0x00000002 | |
| 09:16:59,975 | 1636 | RegOpenKeyExA |
Handle => 0x00000330 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ |
SUCCESS | 0x00000000 | |
| 09:16:59,975 | 1636 | RegOpenKeyExA |
Handle => 0x00000334 Registry => 0x00000330 SubKey => Ranges\ |
SUCCESS | 0x00000000 | |
| 09:16:59,975 | 1636 | RegQueryInfoKeyW |
MaxClassLength => 0 MaxValueLength => 0 MaxValueNameLength => 0 ValueCount => 0 MaxSubKeyLength => 0 KeyHandle => 0x00000334 SubKeyCount => 0 Class => |
SUCCESS | 0x00000000 | |
| 09:16:59,975 | 1636 | RegCloseKey |
Handle => 0x00000334 |
SUCCESS | 0x00000000 | |
| 09:16:59,975 | 1636 | NtCreateSection |
ObjectAttributes => C:\ntdll DesiredAccess => 0x000f0007 SectionHandle => 0x00000334 FileHandle => 0x00000000 |
SUCCESS | 0x40000000 | |
| 09:16:59,975 | 1636 | ZwMapViewOfSection |
SectionOffset => 0x01fbf5f8 SectionHandle => 0x00000334 ProcessHandle => 0xffffffff BaseAddress => 0x020e0000 |
SUCCESS | 0x00000000 | |
| 09:16:59,985 | 1636 | RegOpenKeyExW |
Handle => 0x00000338 Registry => 0x80000002 SubKey => System\Setup |
SUCCESS | 0x00000000 | |
| 09:16:59,985 | 1636 | RegQueryValueExW |
Handle => 0x00000338 Data => 0 ValueName => SystemSetupInProgress |
SUCCESS | 0x00000000 | |
| 09:16:59,985 | 1636 | RegCloseKey |
Handle => 0x00000338 |
SUCCESS | 0x00000000 | |
| 09:16:59,985 | 1636 | RegOpenKeyExW |
Handle => 0x00000338 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ |
SUCCESS | 0x00000000 | |
| 09:16:59,985 | 1636 | RegOpenKeyExW |
Handle => 0x0000033c Registry => 0x00000338 SubKey => 0 |
SUCCESS | 0x00000000 | |
| 09:16:59,985 | 1636 | RegCloseKey |
Handle => 0x0000033c |
SUCCESS | 0x00000000 | |
| 09:16:59,985 | 1636 | RegOpenKeyExW |
Handle => 0x0000033c Registry => 0x00000338 SubKey => 1 |
SUCCESS | 0x00000000 | |
| 09:16:59,985 | 1636 | RegCloseKey |
Handle => 0x0000033c |
SUCCESS | 0x00000000 | |
| 09:16:59,985 | 1636 | RegOpenKeyExW |
Handle => 0x0000033c Registry => 0x00000338 SubKey => 2 |
SUCCESS | 0x00000000 | |
| 09:16:59,985 | 1636 | RegCloseKey |
Handle => 0x0000033c |
SUCCESS | 0x00000000 | |
| 09:16:59,985 | 1636 | RegOpenKeyExW |
Handle => 0x0000033c Registry => 0x00000338 SubKey => 3 |
SUCCESS | 0x00000000 | |
| 09:16:59,985 | 1636 | RegCloseKey |
Handle => 0x0000033c |
SUCCESS | 0x00000000 | |
| 09:16:59,985 | 1636 | RegOpenKeyExW |
Handle => 0x0000033c Registry => 0x00000338 SubKey => 4 |
SUCCESS | 0x00000000 | |
| 09:16:59,985 | 1636 | RegCloseKey |
Handle => 0x0000033c |
SUCCESS | 0x00000000 | |
| 09:16:59,985 | 1636 | RegCloseKey |
Handle => 0x00000338 |
SUCCESS | 0x00000000 | |
| 09:16:59,985 | 1636 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ |
FAILURE | 0x00000002 | |
| 09:16:59,985 | 1636 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ |
FAILURE | 0x00000002 | |
| 09:16:59,985 | 1636 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ |
FAILURE | 0x00000002 | |
| 09:16:59,985 | 1636 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ |
FAILURE | 0x00000002 | |
| 09:16:59,985 | 1636 | RegOpenKeyExA |
Handle => 0x00000338 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ |
SUCCESS | 0x00000000 | |
| 09:16:59,985 | 1636 | RegEnumKeyExW |
Index => 0 Handle => 0x00000338 Name => 0 Class => |
SUCCESS | 0x00000000 | |
| 09:16:59,985 | 1636 | RegOpenKeyExA |
Handle => 0x0000033c Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 |
SUCCESS | 0x00000000 | |
| 09:16:59,985 | 1636 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 |
FAILURE | 0x00000002 | |
| 09:16:59,985 | 1636 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 |
FAILURE | 0x00000002 | |
| 09:16:59,985 | 1636 | RegOpenKeyExA |
Handle => 0x00000340 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 |
SUCCESS | 0x00000000 | |
| 09:16:59,985 | 1636 | RegQueryValueExW |
Handle => 0x00000340 Data => 33 ValueName => Flags |
SUCCESS | 0x00000000 | |
| 09:16:59,995 | 1636 | RegCloseKey |
Handle => 0x00000340 |
SUCCESS | 0x00000000 | |
| 09:16:59,995 | 1636 | RegCloseKey |
Handle => 0x0000033c |
SUCCESS | 0x00000000 | |
| 09:16:59,995 | 1636 | RegEnumKeyExW |
Index => 1 Handle => 0x00000338 Name => 1 Class => |
SUCCESS | 0x00000000 | |
| 09:16:59,995 | 1636 | RegOpenKeyExA |
Handle => 0x0000033c Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 |
SUCCESS | 0x00000000 | |
| 09:16:59,995 | 1636 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 |
FAILURE | 0x00000002 | |
| 09:16:59,995 | 1636 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 |
FAILURE | 0x00000002 | |
| 09:16:59,995 | 1636 | RegOpenKeyExA |
Handle => 0x00000340 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 |
SUCCESS | 0x00000000 | |
| 09:16:59,995 | 1636 | RegQueryValueExW |
Handle => 0x00000340 Data => 219 ValueName => Flags |
SUCCESS | 0x00000000 | |
| 09:16:59,995 | 1636 | RegOpenKeyExA |
Handle => 0x00000344 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ |
SUCCESS | 0x00000000 | |
| 09:16:59,995 | 1636 | RegSetValueExW |
Handle => 0x00000344 Buffer => 1 ValueName => ProxyBypass Type => 4 |
SUCCESS | 0x00000000 | |
| 09:16:59,995 | 1636 | RegSetValueExW |
Handle => 0x00000344 Buffer => 1 ValueName => IntranetName Type => 4 |
SUCCESS | 0x00000000 | |
| 09:16:59,995 | 1636 | RegSetValueExW |
Handle => 0x00000344 Buffer => 1 ValueName => UNCAsIntranet Type => 4 |
SUCCESS | 0x00000000 | |
| 09:16:59,995 | 1636 | RegCloseKey |
Handle => 0x00000344 |
SUCCESS | 0x00000000 | |
| 09:16:59,995 | 1636 | RegCloseKey |
Handle => 0x00000340 |
SUCCESS | 0x00000000 | |
| 09:16:59,995 | 1636 | RegCloseKey |
Handle => 0x0000033c |
SUCCESS | 0x00000000 | |
| 09:16:59,995 | 1636 | RegEnumKeyExW |
Index => 2 Handle => 0x00000338 Name => 2 Class => |
SUCCESS | 0x00000000 | |
| 09:16:59,995 | 1636 | RegOpenKeyExA |
Handle => 0x0000033c Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 |
SUCCESS | 0x00000000 | |
| 09:16:59,995 | 1636 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 |
FAILURE | 0x00000002 | |
| 09:16:59,995 | 1636 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 |
FAILURE | 0x00000002 | |
| 09:16:59,995 | 1636 | RegOpenKeyExA |
Handle => 0x00000340 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 |
SUCCESS | 0x00000000 | |
| 09:16:59,995 | 1636 | RegQueryValueExW |
Handle => 0x00000340 Data => 71 ValueName => Flags |
SUCCESS | 0x00000000 | |
| 09:16:59,995 | 1636 | RegCloseKey |
Handle => 0x00000340 |
SUCCESS | 0x00000000 | |
| 09:16:59,995 | 1636 | RegCloseKey |
Handle => 0x0000033c |
SUCCESS | 0x00000000 | |
| 09:16:59,995 | 1636 | RegEnumKeyExW |
Index => 3 Handle => 0x00000338 Name => 3 Class => |
SUCCESS | 0x00000000 | |
| 09:16:59,995 | 1636 | RegOpenKeyExA |
Handle => 0x0000033c Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 |
SUCCESS | 0x00000000 | |
| 09:17:00,005 | 1636 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 |
FAILURE | 0x00000002 | |
| 09:17:00,005 | 1636 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 |
FAILURE | 0x00000002 | |
| 09:17:00,005 | 1636 | RegOpenKeyExA |
Handle => 0x00000340 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 |
SUCCESS | 0x00000000 | |
| 09:17:00,005 | 1636 | RegQueryValueExW |
Handle => 0x00000340 Data => 1 ValueName => Flags |
SUCCESS | 0x00000000 | |
| 09:17:00,005 | 1636 | RegCloseKey |
Handle => 0x00000340 |
SUCCESS | 0x00000000 | |
| 09:17:00,005 | 1636 | RegCloseKey |
Handle => 0x0000033c |
SUCCESS | 0x00000000 | |
| 09:17:00,005 | 1636 | RegEnumKeyExW |
Index => 4 Handle => 0x00000338 Name => 4 Class => |
SUCCESS | 0x00000000 | |
| 09:17:00,005 | 1636 | RegOpenKeyExA |
Handle => 0x0000033c Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 |
SUCCESS | 0x00000000 | |
| 09:17:00,005 | 1636 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 |
FAILURE | 0x00000002 | |
| 09:17:00,005 | 1636 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 |
FAILURE | 0x00000002 | |
| 09:17:00,005 | 1636 | RegOpenKeyExA |
Handle => 0x00000340 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 |
SUCCESS | 0x00000000 | |
| 09:17:00,005 | 1636 | RegQueryValueExW |
Handle => 0x00000340 Data => 3 ValueName => Flags |
SUCCESS | 0x00000000 | |
| 09:17:00,005 | 1636 | RegCloseKey |
Handle => 0x00000340 |
SUCCESS | 0x00000000 | |
| 09:17:00,005 | 1636 | RegCloseKey |
Handle => 0x0000033c |
SUCCESS | 0x00000000 | |
| 09:17:00,005 | 1636 | RegEnumKeyExW |
Index => 5 Handle => 0x00000338 Name => 4 Class => |
FAILURE | 0x00000103 | |
| 09:17:00,005 | 1636 | RegCloseKey |
Handle => 0x00000338 |
SUCCESS | 0x00000000 | |
| 09:17:00,005 | 1636 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\ |
FAILURE | 0x00000002 | |
| 09:17:00,005 | 1636 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\ |
FAILURE | 0x00000002 | |
| 09:17:00,005 | 1636 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\ |
FAILURE | 0x00000002 | |
| 09:17:00,005 | 1636 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\ |
FAILURE | 0x00000002 | |
| 09:17:00,005 | 1636 | RegOpenKeyExA |
Handle => 0x00000338 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\ |
SUCCESS | 0x00000000 | |
| 09:17:00,005 | 1636 | RegEnumKeyExW |
Index => 0 Handle => 0x00000338 Name => 0 Class => |
SUCCESS | 0x00000000 | |
| 09:17:00,005 | 1636 | RegOpenKeyExA |
Handle => 0x0000033c Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0 |
SUCCESS | 0x00000000 | |
| 09:17:00,005 | 1636 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0 |
FAILURE | 0x00000002 | |
| 09:17:00,015 | 1636 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0 |
FAILURE | 0x00000002 | |
| 09:17:00,015 | 1636 | RegOpenKeyExA |
Handle => 0x00000340 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 |
SUCCESS | 0x00000000 | |
| 09:17:00,015 | 1636 | RegQueryValueExW |
Handle => 0x00000340 Data => 33 ValueName => Flags |
SUCCESS | 0x00000000 | |
| 09:17:00,015 | 1636 | RegCloseKey |
Handle => 0x00000340 |
SUCCESS | 0x00000000 | |
| 09:17:00,015 | 1636 | RegCloseKey |
Handle => 0x0000033c |
SUCCESS | 0x00000000 | |
| 09:17:00,015 | 1636 | RegEnumKeyExW |
Index => 1 Handle => 0x00000338 Name => 1 Class => |
SUCCESS | 0x00000000 | |
| 09:17:00,015 | 1636 | RegOpenKeyExA |
Handle => 0x0000033c Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1 |
SUCCESS | 0x00000000 | |
| 09:17:00,015 | 1636 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1 |
FAILURE | 0x00000002 | |
| 09:17:00,015 | 1636 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1 |
FAILURE | 0x00000002 | |
| 09:17:00,015 | 1636 | RegOpenKeyExA |
Handle => 0x00000340 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 |
SUCCESS | 0x00000000 | |
| 09:17:00,015 | 1636 | RegQueryValueExW |
Handle => 0x00000340 Data => 219 ValueName => Flags |
SUCCESS | 0x00000000 | |
| 09:17:00,015 | 1636 | RegOpenKeyExA |
Handle => 0x00000344 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ |
SUCCESS | 0x00000000 | |
| 09:17:00,015 | 1636 | RegSetValueExW |
Handle => 0x00000344 Buffer => 1 ValueName => ProxyBypass Type => 4 |
SUCCESS | 0x00000000 | |
| 09:17:00,015 | 1636 | RegSetValueExW |
Handle => 0x00000344 Buffer => 1 ValueName => IntranetName Type => 4 |
SUCCESS | 0x00000000 | |
| 09:17:00,025 | 1636 | RegSetValueExW |
Handle => 0x00000344 Buffer => 1 ValueName => UNCAsIntranet Type => 4 |
SUCCESS | 0x00000000 | |
| 09:17:00,025 | 1636 | RegCloseKey |
Handle => 0x00000344 |
SUCCESS | 0x00000000 | |
| 09:17:00,025 | 1636 | RegCloseKey |
Handle => 0x00000340 |
SUCCESS | 0x00000000 | |
| 09:17:00,025 | 1636 | RegCloseKey |
Handle => 0x0000033c |
SUCCESS | 0x00000000 | |
| 09:17:00,025 | 1636 | RegEnumKeyExW |
Index => 2 Handle => 0x00000338 Name => 2 Class => |
SUCCESS | 0x00000000 | |
| 09:17:00,025 | 1636 | RegOpenKeyExA |
Handle => 0x0000033c Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2 |
SUCCESS | 0x00000000 | |
| 09:17:00,025 | 1636 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2 |
FAILURE | 0x00000002 | |
| 09:17:00,025 | 1636 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2 |
FAILURE | 0x00000002 | |
| 09:17:00,025 | 1636 | RegOpenKeyExA |
Handle => 0x00000340 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 |
SUCCESS | 0x00000000 | |
| 09:17:00,025 | 1636 | RegQueryValueExW |
Handle => 0x00000340 Data => 71 ValueName => Flags |
SUCCESS | 0x00000000 | |
| 09:17:00,025 | 1636 | RegCloseKey |
Handle => 0x00000340 |
SUCCESS | 0x00000000 | |
| 09:17:00,025 | 1636 | RegCloseKey |
Handle => 0x0000033c |
SUCCESS | 0x00000000 | |
| 09:17:00,025 | 1636 | RegEnumKeyExW |
Index => 3 Handle => 0x00000338 Name => 3 Class => |
SUCCESS | 0x00000000 | |
| 09:17:00,025 | 1636 | RegOpenKeyExA |
Handle => 0x0000033c Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3 |
SUCCESS | 0x00000000 | |
| 09:17:00,025 | 1636 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3 |
FAILURE | 0x00000002 | |
| 09:17:00,025 | 1636 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3 |
FAILURE | 0x00000002 | |
| 09:17:00,025 | 1636 | RegOpenKeyExA |
Handle => 0x00000340 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 |
SUCCESS | 0x00000000 | |
| 09:17:00,025 | 1636 | RegQueryValueExW |
Handle => 0x00000340 Data => 1 ValueName => Flags |
SUCCESS | 0x00000000 | |
| 09:17:00,025 | 1636 | RegCloseKey |
Handle => 0x00000340 |
SUCCESS | 0x00000000 | |
| 09:17:00,025 | 1636 | RegCloseKey |
Handle => 0x0000033c |
SUCCESS | 0x00000000 | |
| 09:17:00,025 | 1636 | RegEnumKeyExW |
Index => 4 Handle => 0x00000338 Name => 4 Class => |
SUCCESS | 0x00000000 | |
| 09:17:00,025 | 1636 | RegOpenKeyExA |
Handle => 0x0000033c Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4 |
SUCCESS | 0x00000000 | |
| 09:17:00,025 | 1636 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4 |
FAILURE | 0x00000002 | |
| 09:17:00,025 | 1636 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4 |
FAILURE | 0x00000002 | |
| 09:17:00,025 | 1636 | RegOpenKeyExA |
Handle => 0x00000340 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 |
SUCCESS | 0x00000000 | |
| 09:17:00,035 | 1636 | RegQueryValueExW |
Handle => 0x00000340 Data => 3 ValueName => Flags |
SUCCESS | 0x00000000 | |
| 09:17:00,035 | 1636 | RegCloseKey |
Handle => 0x00000340 |
SUCCESS | 0x00000000 | |
| 09:17:00,035 | 1636 | RegCloseKey |
Handle => 0x0000033c |
SUCCESS | 0x00000000 | |
| 09:17:00,035 | 1636 | RegEnumKeyExW |
Index => 5 Handle => 0x00000338 Name => 4 Class => |
FAILURE | 0x00000103 | |
| 09:17:00,035 | 1636 | RegCloseKey |
Handle => 0x00000338 |
SUCCESS | 0x00000000 | |
| 09:17:00,035 | 1636 | RegOpenKeyExA |
Handle => 0x0000033a Registry => 0x80000000 SubKey => PROTOCOLS\Name-Space Handler\ |
SUCCESS | 0x00000000 | |
| 09:17:00,035 | 1636 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000000 SubKey => PROTOCOLS\Name-Space Handler\C\ |
FAILURE | 0x00000002 | |
| 09:17:00,035 | 1636 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000000 SubKey => PROTOCOLS\Name-Space Handler\*\ |
FAILURE | 0x00000002 | |
| 09:17:00,035 | 1636 | RegCloseKey |
Handle => 0x0000033a |
SUCCESS | 0x00000000 | |
| 09:17:00,035 | 1636 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000001 SubKey => SOFTWARE\Classes\PROTOCOLS\Handler\C |
FAILURE | 0x00000002 | |
| 09:17:00,045 | 1636 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000002 SubKey => SOFTWARE\Classes\PROTOCOLS\Handler\C |
FAILURE | 0x00000002 | |
| 09:17:00,045 | 1636 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000001 SubKey => SOFTWARE\Classes\PROTOCOLS\Handler\C |
FAILURE | 0x00000002 | |
| 09:17:00,045 | 1636 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000002 SubKey => SOFTWARE\Classes\PROTOCOLS\Handler\C |
FAILURE | 0x00000002 | |
| 09:17:00,045 | 1636 | LdrGetDllHandle |
ModuleHandle => 0x7c800000 FileName => kernel32 |
SUCCESS | 0x00000000 | |
| 09:17:00,045 | 1636 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => GetLongPathNameW FunctionAddress => 0x7c8133e3 ModuleHandle => 0x7c800000 |
SUCCESS | 0x00000000 | |
| 09:17:00,045 | 1636 | FindFirstFileExW |
FileName => C:\Program Files\Adobe |
SUCCESS | 0x00243330 | |
| 09:17:00,045 | 1636 | FindFirstFileExW |
FileName => C:\Program Files\Adobe\Reader 11.0\Reader |
SUCCESS | 0x00243330 | |
| 09:17:00,045 | 1636 | FindFirstFileExW |
FileName => C:\Program Files\Adobe\Reader 11.0\Reader\Eula.exe |
SUCCESS | 0x00243330 | |
| 09:17:00,045 | 1636 | LdrLoadDll |
Flags => 33285480 BaseAddress => 0x7c9c0000 FileName => shell32.dll |
SUCCESS | 0x00000000 | |
| 09:17:00,045 | 1636 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => SHGetFolderPathW FunctionAddress => 0x7c9eed76 ModuleHandle => 0x7c9c0000 |
SUCCESS | 0x00000000 | |
| 09:17:00,045 | 1636 | RegCreateKeyExW |
Handle => 0x00000338 Access => 33554432 Registry => 0x80000001 Class => SubKey => Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders |
SUCCESS | 0x00000000 | |
| 09:17:00,045 | 1636 | RegQueryValueExW |
Handle => 0x00000338 Data => %\x00U\x00S\x00E\x00R\x00P\x00R\x00O\x00F\x00I\x00L\x00E\x00%\x00\\x00C\x00o\x00o\x00k\x00i\x00e\x00s\x00\x00\x00 ValueName => Cookies |
SUCCESS | 0x00000000 | |
| 09:17:00,045 | 1636 | RegCloseKey |
Handle => 0x00000338 |
SUCCESS | 0x00000000 | |
| 09:17:00,045 | 1636 | RegCreateKeyExW |
Handle => 0x00000338 Access => 33554432 Registry => 0x80000001 Class => SubKey => Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders |
SUCCESS | 0x00000000 | |
| 09:17:00,045 | 1636 | RegSetValueExW |
Handle => 0x00000338 Buffer => C\x00:\x00\\x00D\x00o\x00c\x00u\x00m\x00e\x00n\x00t\x00s\x00 \x00a\x00n\x00d\x00 \x00S\x00e\x00t\x00t\x00i\x00n\x00g\x00s\x00\\x00T\x00D\x00W\x00\\x00C\x00o\x00o\x00k\x00i\x00e\x00s\x00\x00\x00 ValueName => Cookies Type => 1 |
SUCCESS | 0x00000000 | |
| 09:17:00,045 | 1636 | RegCloseKey |
Handle => 0x00000338 |
SUCCESS | 0x00000000 | |
| 09:17:00,045 | 1636 | FindFirstFileExW |
FileName => C:\Program Files\Adobe |
SUCCESS | 0x00243330 | |
| 09:17:00,045 | 1636 | FindFirstFileExW |
FileName => C:\Program Files\Adobe\Reader 11.0\Reader |
SUCCESS | 0x00243330 | |
| 09:17:00,045 | 1636 | FindFirstFileExW |
FileName => C:\Program Files\Adobe\Reader 11.0\Reader\Eula.exe |
SUCCESS | 0x00243330 | |
| 09:17:00,045 | 1636 | RegOpenKeyExA |
Handle => 0x00000338 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 |
SUCCESS | 0x00000000 | |
| 09:17:00,045 | 1636 | RegQueryValueExW |
Handle => 0x00000338 Data => 0 ValueName => 1806 |
SUCCESS | 0x00000000 | |
| 09:17:00,045 | 1636 | RegCloseKey |
Handle => 0x00000338 |
SUCCESS | 0x00000000 | |
| 09:17:00,055 | 1636 | RegOpenKeyExW |
Handle => 0x00000338 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings |
SUCCESS | 0x00000000 | |
| 09:17:00,055 | 1636 | RegQueryValueExW |
Handle => 0x00000338 DataLength => 4 ValueName => Security_HKLM_only Type => 33289500 |
FAILURE | 0x00000002 | |
| 09:17:00,055 | 1636 | RegCloseKey |
Handle => 0x00000338 |
SUCCESS | 0x00000000 | |
| 09:17:00,055 | 1636 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl |
FAILURE | 0x00000002 | |
| 09:17:00,055 | 1636 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl |
FAILURE | 0x00000002 | |
| 09:17:00,055 | 1636 | RegOpenKeyExW |
Handle => 0x00000338 Registry => 0x80000002 SubKey => Software\Microsoft\Internet Explorer\Main\FeatureControl |
SUCCESS | 0x00000000 | |
| 09:17:00,055 | 1636 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Microsoft\Internet Explorer\Main\FeatureControl |
FAILURE | 0x00000002 | |
| 09:17:00,055 | 1636 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x00000338 SubKey => FEATURE_RESPECT_OBJECTSAFETY_POLICY_KB905547 |
FAILURE | 0x00000002 | |
| 09:17:00,055 | 1636 | RegCloseKey |
Handle => 0x00000000 |
FAILURE | 0x00000006 | 1 time |
| 09:17:00,055 | 1636 | RegCloseKey |
Handle => 0x00000338 |
SUCCESS | 0x00000000 | |
| 09:17:00,055 | 1636 | RegCloseKey |
Handle => 0x00000000 |
FAILURE | 0x00000006 | |
| 09:17:00,055 | 1636 | RegCloseKey |
Handle => 0x00000330 |
SUCCESS | 0x00000000 | |
| 09:17:00,055 | 1636 | RegCloseKey |
Handle => 0x00000328 |
SUCCESS | 0x00000000 | |
| 09:17:00,055 | 1636 | NtOpenKey |
DesiredAccess => 131097 KeyHandle => 0x00000328 ObjectAttributes => \Registry\Machine\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
SUCCESS | 0x00000000 | |
| 09:17:00,055 | 1636 | NtQueryValueKey |
Information => 1 KeyHandle => 0x00000328 ValueName => TransparentEnabled Type => 4 |
SUCCESS | 0x00000000 | |
| 09:17:00,055 | 1636 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x00000278 SubKey => .exe |
FAILURE | 0x00000002 | 1 time |
| 09:17:00,055 | 1636 | RegOpenKeyExW |
Handle => 0x0000032a Registry => 0x80000000 SubKey => .exe |
SUCCESS | 0x00000000 | |
| 09:17:00,065 | 1636 | RegQueryValueExW |
Handle => 0x0000032a Data => e\x00x\x00e\x00f\x00i\x00l\x00e\x00\x00\x00 ValueName => |
SUCCESS | 0x00000000 | |
| 09:17:00,065 | 1636 | RegOpenKeyExW |
Handle => 0x00000332 Registry => 0x80000000 SubKey => exefile |
SUCCESS | 0x00000000 | |
| 09:17:00,065 | 1636 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x00000332 SubKey => CurVer |
FAILURE | 0x00000002 | |
| 09:17:00,065 | 1636 | RegOpenKeyExW |
Handle => 0x0000033a Registry => 0x00000332 SubKey => |
SUCCESS | 0x00000000 | |
| 09:17:00,065 | 1636 | RegCloseKey |
Handle => 0x00000332 |
SUCCESS | 0x00000000 | |
| 09:17:00,065 | 1636 | RegOpenKeyExW |
Handle => 0x00000332 Registry => 0x0000033a SubKey => shell\open |
SUCCESS | 0x00000000 | |
| 09:17:00,065 | 1636 | RegOpenKeyExW |
Handle => 0x0000033e Registry => 0x00000332 SubKey => command |
SUCCESS | 0x00000000 | |
| 09:17:00,065 | 1636 | RegQueryValueExW |
Handle => 0x0000033e Data => "\x00%\x001\x00"\x00 \x00%\x00*\x00\x00\x00 ValueName => |
SUCCESS | 0x00000000 | |
| 09:17:00,065 | 1636 | RegCloseKey |
Handle => 0x0000033e |
SUCCESS | 0x00000000 | |
| 09:17:00,065 | 1636 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\RestrictRun |
FAILURE | 0x00000002 | |
| 09:17:00,065 | 1636 | RegOpenKeyExW |
Handle => 0x0000033e Registry => 0x00000332 SubKey => command |
SUCCESS | 0x00000000 | |
| 09:17:00,065 | 1636 | RegQueryValueExW |
Handle => 0x0000033e DataLength => 256 ValueName => command Type => 33290200 |
FAILURE | 0x00000002 | |
| 09:17:00,065 | 1636 | RegCloseKey |
Handle => 0x0000033e |
SUCCESS | 0x00000000 | |
| 09:17:00,065 | 1636 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Microsoft\Windows\CurrentVersion\App Paths\Eula.exe |
FAILURE | 0x00000002 | |
| 09:17:00,065 | 1636 | RegOpenKeyExW |
Handle => 0x0000033e Registry => 0x00000332 SubKey => command |
SUCCESS | 0x00000000 | |
| 09:17:00,065 | 1636 | RegQueryValueExW |
Handle => 0x0000033e Data => "\x00%\x001\x00"\x00 \x00%\x00*\x00\x00\x00 ValueName => |
SUCCESS | 0x00000000 | |
| 09:17:00,065 | 1636 | RegCloseKey |
Handle => 0x0000033e |
SUCCESS | 0x00000000 | |
| 09:17:00,065 | 1636 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x00000332 SubKey => ddeexec |
FAILURE | 0x00000002 | |
| 09:17:00,075 | 1636 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000000 SubKey => Applications\Eula.exe |
FAILURE | 0x00000002 | |
| 09:17:00,075 | 1636 | RegOpenKeyExW |
Handle => 0x0000033c Registry => 0x80000001 SubKey => Software\Microsoft\Windows\ShellNoRoam |
SUCCESS | 0x00000000 | |
| 09:17:00,075 | 1636 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => userenv |
FAILURE | 3221225781 | 1 time |
| 09:17:00,075 | 1636 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => GetProfileType FunctionAddress => 0x77f96930 ModuleHandle => 0x00400000 |
FAILURE | 3221225594 | |
| 09:17:00,075 | 1636 | RegOpenKeyExW |
Handle => 0x00000340 Registry => 0x0000033c SubKey => MUICache |
SUCCESS | 0x00000000 | |
| 09:17:00,075 | 1636 | LdrGetDllHandle |
ModuleHandle => 0x7c800000 FileName => KERNEL32 |
SUCCESS | 0x00000000 | |
| 09:17:00,075 | 1636 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => GetUserDefaultUILanguage FunctionAddress => 0x7c813100 ModuleHandle => 0x7c800000 |
SUCCESS | 0x00000000 | |
| 09:17:00,075 | 1636 | RegQueryValueExW |
Handle => 0x00000340 Data => ValueName => LangID |
SUCCESS | 0x00000000 | |
| 09:17:00,075 | 1636 | RegOpenKeyExW |
Handle => 0x00000344 Registry => 0x00000340 SubKey => |
SUCCESS | 0x00000000 | |
| 09:17:00,075 | 1636 | RegQueryValueExW |
Handle => 0x00000344 DataLength => 520 ValueName => C:\Program Files\Adobe\Reader 11.0\Reader\Eula.exe Type => 33289760 |
FAILURE | 0x00000002 | |
| 09:17:00,075 | 1636 | RegCloseKey |
Handle => 0x00000344 |
SUCCESS | 0x00000000 | |
| 09:17:00,075 | 1636 | LdrLoadDll |
Flags => 33288528 BaseAddress => 0x77c00000 FileName => VERSION.dll |
SUCCESS | 0x00000000 | |
| 09:17:00,075 | 1636 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => GetFileVersionInfoSizeW FunctionAddress => 0x77c0138c ModuleHandle => 0x77c00000 |
SUCCESS | 0x00000000 | |
| 09:17:00,085 | 1636 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => C:\Program Files\Adobe\Reader 11.0\Reader\Eula.exe |
FAILURE | 3221225781 | |
| 09:17:00,085 | 1636 | NtCreateFile |
ShareAccess => 5 FileName => C:\Program Files\Adobe\Reader 11.0\Reader\Eula.exe DesiredAccess => 0x80100080 CreateDisposition => 1 FileHandle => 0x00000348 |
SUCCESS | 0x00000000 | |
| 09:17:00,085 | 1636 | NtCreateSection |
ObjectAttributes => DesiredAccess => 0x000f0005 SectionHandle => 0x00000344 FileHandle => 0x00000348 |
SUCCESS | 0x00000000 | |
| 09:17:00,085 | 1636 | ZwMapViewOfSection |
SectionOffset => 0x01fbeeec SectionHandle => 0x00000344 ProcessHandle => 0xffffffff BaseAddress => 0x020f0000 |
SUCCESS | 0x00000000 | |
| 09:17:00,185 | 1636 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => GetFileVersionInfoW FunctionAddress => 0x77c0166f ModuleHandle => 0x77c00000 |
SUCCESS | 0x00000000 | |
| 09:17:00,185 | 1636 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => C:\Program Files\Adobe\Reader 11.0\Reader\Eula.exe |
FAILURE | 3221225781 | |
| 09:17:00,185 | 1636 | NtCreateFile |
ShareAccess => 5 FileName => C:\Program Files\Adobe\Reader 11.0\Reader\Eula.exe DesiredAccess => 0x80100080 CreateDisposition => 1 FileHandle => 0x00000348 |
SUCCESS | 0x00000000 | |
| 09:17:00,185 | 1636 | NtCreateSection |
ObjectAttributes => DesiredAccess => 0x000f0005 SectionHandle => 0x00000344 FileHandle => 0x00000348 |
SUCCESS | 0x00000000 | |
| 09:17:00,185 | 1636 | ZwMapViewOfSection |
SectionOffset => 0x01fbeedc SectionHandle => 0x00000344 ProcessHandle => 0xffffffff BaseAddress => 0x020f0000 |
SUCCESS | 0x00000000 | |
| 09:17:00,225 | 1636 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => VerQueryValueW FunctionAddress => 0x77c01805 ModuleHandle => 0x77c00000 |
SUCCESS | 0x00000000 | |
| 09:17:00,225 | 1636 | RegOpenKeyExW |
Handle => 0x00000344 Registry => 0x80000002 SubKey => Software\Microsoft\Windows\CurrentVersion\Explorer\FileAssociation |
SUCCESS | 0x00000000 | |
| 09:17:00,225 | 1636 | RegQueryValueExW |
Handle => 0x00000344 DataLength => 68 ValueName => CutList Type => 7 |
SUCCESS | 0x00000000 | |
| 09:17:00,225 | 1636 | RegCloseKey |
Handle => 0x00000344 |
SUCCESS | 0x00000000 | |
| 09:17:00,225 | 1636 | RegOpenKeyExW |
Handle => 0x00000344 Registry => 0x80000002 SubKey => Software\Microsoft\Windows\CurrentVersion\Explorer\FileAssociation |
SUCCESS | 0x00000000 | |
| 09:17:00,225 | 1636 | RegQueryValueExW |
Handle => 0x00000344 Data => ValueName => CutList |
SUCCESS | 0x00000000 | |
| 09:17:00,225 | 1636 | RegCloseKey |
Handle => 0x00000344 |
SUCCESS | 0x00000000 | |
| 09:17:00,225 | 1636 | RegOpenKeyExW |
Handle => 0x00000344 Registry => 0x00000340 SubKey => |
SUCCESS | 0x00000000 | |
| 09:17:00,225 | 1636 | RegSetValueExW |
Handle => 0x00000344 Buffer => E\x00u\x00l\x00a\x00 \x00d\x00i\x00s\x00p\x00l\x00a\x00y\x00\x00\x00 ValueName => C:\Program Files\Adobe\Reader 11.0\Reader\Eula.exe Type => 1 |
SUCCESS | 0x00000000 | |
| 09:17:00,225 | 1636 | RegCloseKey |
Handle => 0x00000344 |
SUCCESS | 0x00000000 | |
| 09:17:00,225 | 1636 | NtCreateFile |
ShareAccess => 3 FileName => C:\Program Files\Adobe\Reader 11.0\Reader\Eula.exe DesiredAccess => 0x80100180 CreateDisposition => 1 FileHandle => 0x00000344 |
SUCCESS | 0x00000000 | |
| 09:17:00,225 | 1636 | NtQueryInformationFile |
FileHandle => 0x00000344 FileInformation => \x00s?\xb30\x9a\xcd\x01\xf0\x92\xca\x8e\x8a\xa2\xcf\x01\x00s?\xb30\x9a\xcd\x01\xd0\xf3\x9c\xc3\xe6\x91\xcf\x01 \x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 09:17:00,225 | 1636 | NtSetInformationFile |
FileHandle => 0x00000344 FileInformation => |
SUCCESS | 0x00000000 | |
| 09:17:00,225 | 1636 | NtReadFile |
Buffer => MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00\xff\xff\x00\x00\xb8\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xf0\x00\x00\x00 FileHandle => 0x00000344 |
SUCCESS | 0x00000000 | |
| 09:17:00,225 | 1636 | NtSetInformationFile |
FileHandle => 0x00000344 FileInformation => |
SUCCESS | 0x00000000 | |
| 09:17:00,236 | 1636 | NtReadFile |
Buffer => PE\x00\x00L\x01\x05\x00\xb0\xc5_P\x00\x00\x00\x00\x00\x00\x00\x00\xe0\x00"\x01\x0b\x01\x0a\x00\x00\xaa\x00\x00\x00\x84\x00\x00\x00\x00\x00\x00\xa9\xad\x00\x00\x00\x10\x00\x00\x00\xc0\x00\x00\x00\x00@\x00\x00\x10\x00\x00\x00\x02\x00\x00 FileHandle => 0x00000344 |
SUCCESS | 0x00000000 | |
| 09:17:00,236 | 1636 | NtSetInformationFile |
FileHandle => 0x00000344 FileInformation => |
SUCCESS | 0x00000000 | |
| 09:17:00,236 | 1636 | NtReadFile |
Buffer => \x05\x00\x01\x00 FileHandle => 0x00000344 |
SUCCESS | 0x00000000 | |
| 09:17:00,236 | 1636 | NtSetInformationFile |
FileHandle => 0x00000344 FileInformation => |
SUCCESS | 0x00000000 | |
| 09:17:00,236 | 1636 | NtReadFile |
Buffer => \x02\x00@\x81 FileHandle => 0x00000344 |
SUCCESS | 0x00000000 | |
| 09:17:00,236 | 1636 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Microsoft\Windows\CurrentVersion\App Paths\Eula.exe |
FAILURE | 0x00000002 | |
| 09:17:00,236 | 1636 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Microsoft\Windows\CurrentVersion\Policies\Explorer |
FAILURE | 0x00000002 | |
| 09:17:00,236 | 1636 | RegOpenKeyExW |
Handle => 0x00000344 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Policies\Explorer |
SUCCESS | 0x00000000 | |
| 09:17:00,236 | 1636 | RegQueryValueExW |
Handle => 0x00000344 DataLength => 4 ValueName => InheritConsoleHandles Type => 33289916 |
FAILURE | 0x00000002 | |
| 09:17:00,236 | 1636 | RegCloseKey |
Handle => 0x00000344 |
SUCCESS | 0x00000000 | |
| 09:17:00,236 | 1636 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Microsoft\Windows\CurrentVersion\Policies\Explorer |
FAILURE | 0x00000002 | |
| 09:17:00,236 | 1636 | RegOpenKeyExW |
Handle => 0x00000344 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Policies\Explorer |
SUCCESS | 0x00000000 | |
| 09:17:00,236 | 1636 | RegQueryValueExW |
Handle => 0x00000344 DataLength => 4 ValueName => RestrictRun Type => 33290472 |
FAILURE | 0x00000002 | |
| 09:17:00,236 | 1636 | RegCloseKey |
Handle => 0x00000344 |
SUCCESS | 0x00000000 | |
| 09:17:00,236 | 1636 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Microsoft\Windows\CurrentVersion\Policies\Explorer |
FAILURE | 0x00000002 | |
| 09:17:00,236 | 1636 | RegOpenKeyExW |
Handle => 0x00000344 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Policies\Explorer |
SUCCESS | 0x00000000 | |
| 09:17:00,236 | 1636 | RegQueryValueExW |
Handle => 0x00000344 DataLength => 4 ValueName => DisallowRun Type => 33290472 |
FAILURE | 0x00000002 | |
| 09:17:00,236 | 1636 | RegCloseKey |
Handle => 0x00000344 |
SUCCESS | 0x00000000 | |
| 09:17:00,236 | 1636 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Microsoft\Windows\CurrentVersion\App Paths\Eula.exe |
FAILURE | 0x00000002 | 1 time |
| 09:17:00,236 | 1636 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Microsoft\Windows\CurrentVersion\Policies\Explorer |
FAILURE | 0x00000002 | |
| 09:17:00,236 | 1636 | RegOpenKeyExW |
Handle => 0x00000344 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Policies\Explorer |
SUCCESS | 0x00000000 | |
| 09:17:00,236 | 1636 | RegQueryValueExW |
Handle => 0x00000344 DataLength => 4 ValueName => NoRunasInstallPrompt Type => 33287748 |
FAILURE | 0x00000002 | |
| 09:17:00,236 | 1636 | RegCloseKey |
Handle => 0x00000344 |
SUCCESS | 0x00000000 | |
| 09:17:00,236 | 1636 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Microsoft\Windows\CurrentVersion\App Paths\Eula.exe |
FAILURE | 0x00000002 | |
| 09:17:00,937 | 1636 | CreateProcessInternalW |
ApplicationName => C:\Program Files\Adobe\Reader 11.0\Reader\Eula.exe ProcessId => 460 CommandLine => "C:\Program Files\Adobe\Reader 11.0\Reader\Eula.exe" Adobe Reader XI;65758;1033 ThreadHandle => 0x00000354 ProcessHandle => 0x0000034c ThreadId => 820 CreationFlags => 0x04000410 |
SUCCESS | 0x00000001 | |
| 09:17:00,937 | 1636 | LdrGetDllHandle |
ModuleHandle => 0x774e0000 FileName => ole32.dll |
SUCCESS | 0x00000000 | |
| 09:17:00,937 | 1636 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => browseui.dll |
FAILURE | 3221225781 | 1 time |
| 09:17:00,937 | 1636 | RegCloseKey |
Handle => 0x00000332 |
SUCCESS | 0x00000000 | |
| 09:17:00,937 | 1636 | RegCloseKey |
Handle => 0x0000032a |
SUCCESS | 0x00000000 | |
| 09:17:00,937 | 1636 | RegCloseKey |
Handle => 0x0000033a |
SUCCESS | 0x00000000 | |
| 09:17:00,957 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x00243330 | |
| 09:17:00,957 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe |
SUCCESS | 0x00243330 | |
| 09:17:00,957 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe\Acrobat |
SUCCESS | 0x00243330 | |
| 09:17:00,957 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x00243330 | |
| 09:17:00,957 | 1636 | NtCreateFile |
ShareAccess => 0 FileName => C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe\Acrobat\11.0\UserCache.bin DesiredAccess => 0x0012019f CreateDisposition => 5 FileHandle => 0x0000034c |
SUCCESS | 0x00000000 | |
| 09:17:00,957 | 1636 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000354 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:00,957 | 1636 | NtQueryInformationFile |
FileHandle => 0x0000034c FileInformation => `<@\x8f\x8a\xa2\xcf\x01`<@\x8f\x8a\xa2\xcf\x01`<@\x8f\x8a\xa2\xcf\x01`<@\x8f\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00AL\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\xb8\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:01,918 | 1636 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => NtCreateEvent FunctionAddress => 0x7c90d070 ModuleHandle => 0x7c900000 |
SUCCESS | 0x00000000 | |
| 09:17:02,228 | 1636 | NtCreateKey |
ObjectAttributes => Software\Adobe\Adobe Acrobat\11.0 DesiredAccess => 196639 KeyHandle => 0x00000354 Class => |
SUCCESS | 0x00000000 | |
| 09:17:02,238 | 1636 | NtCreateKey |
ObjectAttributes => Software\Adobe\Adobe Acrobat\11.0\DiskCabs DesiredAccess => 196639 KeyHandle => 0x00000354 Class => |
SUCCESS | 0x00000000 | |
| 09:17:02,268 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x00243330 | |
| 09:17:02,268 | 1636 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x0000034c |
SUCCESS | 0x00000000 | |
| 09:17:02,278 | 1636 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000354 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:02,278 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x00243330 | |
| 09:17:02,278 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x00243330 | |
| 09:17:02,278 | 1636 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x0000034c |
SUCCESS | 0x00000000 | |
| 09:17:02,288 | 1636 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000354 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:02,288 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x00243330 | |
| 09:17:02,288 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x00243330 | |
| 09:17:02,288 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x00243330 | |
| 09:17:02,288 | 1636 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x0000034c |
SUCCESS | 0x00000000 | |
| 09:17:02,288 | 1636 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000354 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:02,288 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x00243330 | |
| 09:17:02,298 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x00243330 | |
| 09:17:02,298 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x00243330 | |
| 09:17:02,298 | 1636 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x0000034c |
SUCCESS | 0x00000000 | |
| 09:17:02,298 | 1636 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000354 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:02,298 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x00243330 | |
| 09:17:02,308 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x00243330 | |
| 09:17:02,308 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x00243330 | |
| 09:17:02,308 | 1636 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x0000034c |
SUCCESS | 0x00000000 | |
| 09:17:02,308 | 1636 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000354 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:03,160 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x00243330 | |
| 09:17:03,160 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x00243330 | |
| 09:17:03,160 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x00243330 | |
| 09:17:03,160 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x00243330 | |
| 09:17:03,200 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x00243330 | |
| 09:17:03,200 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x00243330 | |
| 09:17:03,200 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x00243330 | |
| 09:17:03,200 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x00243330 | |
| 09:17:03,200 | 1636 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x0000034c |
SUCCESS | 0x00000000 | |
| 09:17:03,210 | 1636 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000354 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:03,210 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x00243330 | |
| 09:17:03,210 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x00243330 | |
| 09:17:03,210 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x00243330 | |
| 09:17:03,210 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x00243330 | |
| 09:17:03,210 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x00243330 | |
| 09:17:03,220 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x00243330 | |
| 09:17:03,220 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x00243330 | |
| 09:17:03,220 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x00243330 | |
| 09:17:03,220 | 1636 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\Collab\ DesiredAccess => 0x00100001 CreateDisposition => 2 FileHandle => 0x0000034c |
SUCCESS | 0x00000000 | |
| 09:17:03,220 | 1636 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000354 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:03,230 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x00243330 | |
| 09:17:03,230 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x00243330 | |
| 09:17:03,230 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x00243330 | |
| 09:17:03,230 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x00243330 | |
| 09:17:03,230 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\Collab |
SUCCESS | 0x00243330 | |
| 09:17:03,240 | 1636 | NtCreateKey |
ObjectAttributes => Software\Adobe\Adobe Acrobat\11.0 DesiredAccess => 196639 KeyHandle => 0x00000354 Class => |
SUCCESS | 0x00000000 | |
| 09:17:03,240 | 1636 | NtCreateKey |
ObjectAttributes => Software\Adobe\Adobe Acrobat\11.0\DiskCabs DesiredAccess => 196639 KeyHandle => 0x00000354 Class => |
SUCCESS | 0x00000000 | |
| 09:17:03,240 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x00243330 | |
| 09:17:03,240 | 1636 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x0000034c |
SUCCESS | 0x00000000 | |
| 09:17:03,240 | 1636 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000354 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:03,240 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x00243330 | |
| 09:17:03,250 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x00243330 | |
| 09:17:03,250 | 1636 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x0000034c |
SUCCESS | 0x00000000 | |
| 09:17:03,250 | 1636 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000354 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:03,250 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x00243330 | |
| 09:17:03,250 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x00243330 | |
| 09:17:03,250 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x00243330 | |
| 09:17:03,250 | 1636 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x0000034c |
SUCCESS | 0x00000000 | |
| 09:17:03,260 | 1636 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000354 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:03,260 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x00243330 | |
| 09:17:03,260 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x00243330 | |
| 09:17:03,260 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x00243330 | |
| 09:17:03,260 | 1636 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x0000034c |
SUCCESS | 0x00000000 | |
| 09:17:03,260 | 1636 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000354 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:03,260 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x00243330 | |
| 09:17:03,260 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x00243330 | |
| 09:17:03,260 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x00243330 | |
| 09:17:03,260 | 1636 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x0000034c |
SUCCESS | 0x00000000 | |
| 09:17:03,270 | 1636 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000354 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:03,270 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x00243330 | |
| 09:17:03,270 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x00243330 | |
| 09:17:03,270 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x00243330 | |
| 09:17:03,270 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x00243330 | |
| 09:17:03,270 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x00243330 | |
| 09:17:03,280 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x00243330 | |
| 09:17:03,280 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x00243330 | |
| 09:17:03,280 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x00243330 | |
| 09:17:03,280 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\Collab |
SUCCESS | 0x00243330 | |
| 09:17:03,280 | 1636 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\Collab\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x0000034c |
SUCCESS | 0x00000000 | |
| 09:17:03,280 | 1636 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000354 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:03,290 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x00243330 | |
| 09:17:03,290 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x00243330 | |
| 09:17:03,290 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x00243330 | |
| 09:17:03,290 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x00243330 | |
| 09:17:03,290 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\Collab |
SUCCESS | 0x00243330 | |
| 09:17:03,290 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x00243330 | |
| 09:17:03,290 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x00243330 | |
| 09:17:03,290 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x00243330 | |
| 09:17:03,290 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x00243330 | |
| 09:17:03,290 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\Collab |
SUCCESS | 0x00243330 | |
| 09:17:03,370 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x00243330 | |
| 09:17:03,370 | 1636 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x0000034c |
SUCCESS | 0x00000000 | |
| 09:17:03,370 | 1636 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000354 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:03,380 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x00243330 | |
| 09:17:03,380 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\desktop.ini |
SUCCESS | 0x00243330 | |
| 09:17:03,380 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x00243330 | |
| 09:17:03,390 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\desktop.ini |
SUCCESS | 0x00243330 | |
| 09:17:03,390 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x00243330 | |
| 09:17:03,390 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\desktop.ini |
SUCCESS | 0x00243330 | |
| 09:17:03,390 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x00243330 | |
| 09:17:03,390 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\desktop.ini |
SUCCESS | 0x00243330 | |
| 09:17:03,390 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x00243330 | |
| 09:17:03,390 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\desktop.ini |
SUCCESS | 0x00243330 | |
| 09:17:03,400 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x00243330 | |
| 09:17:03,400 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\desktop.ini |
SUCCESS | 0x00243330 | |
| 09:17:04,011 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x00243330 | |
| 09:17:04,011 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x00243330 | |
| 09:17:04,011 | 1636 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Flash Player\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x0000034c |
SUCCESS | 0x00000000 | |
| 09:17:04,011 | 1636 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000354 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:04,021 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x00243330 | |
| 09:17:04,021 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x00243330 | |
| 09:17:04,021 | 1636 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Flash Player\AssetCache\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x0000034c |
SUCCESS | 0x00000000 | |
| 09:17:04,021 | 1636 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000354 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:04,031 | 1636 | NtOpenKey |
DesiredAccess => 131097 KeyHandle => 0x0000034c ObjectAttributes => \REGISTRY\USER\S-1-5-21-1935655697-1606980848-1060284298-1003 |
SUCCESS | 0x00000000 | |
| 09:17:04,041 | 1636 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x0000034c SubKey => SOFTWARE\Microsoft\Cryptography\Providers\Type 001 |
FAILURE | 0x00000002 | |
| 09:17:04,041 | 1636 | RegOpenKeyExA |
Handle => 0x0000034c Registry => 0x80000002 SubKey => SOFTWARE\Microsoft\Cryptography\Defaults\Provider Types\Type 001 |
SUCCESS | 0x00000000 | |
| 09:17:04,041 | 1636 | RegQueryValueExA |
Handle => 0x0000034c DataLength => 40 ValueName => Name Type => 1 |
SUCCESS | 0x00000000 | |
| 09:17:04,041 | 1636 | RegQueryValueExA |
Handle => 0x0000034c Data => Microsoft Strong Cryptographic Provider\x00 ValueName => Name |
SUCCESS | 0x00000000 | |
| 09:17:04,041 | 1636 | RegCloseKey |
Handle => 0x0000034c |
SUCCESS | 0x00000000 | |
| 09:17:04,041 | 1636 | RegOpenKeyExA |
Handle => 0x0000034c Registry => 0x80000002 SubKey => SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Strong Cryptographic Provider |
SUCCESS | 0x00000000 | |
| 09:17:04,041 | 1636 | RegQueryValueExA |
Handle => 0x0000034c Data => 1 ValueName => Type |
SUCCESS | 0x00000000 | |
| 09:17:04,041 | 1636 | RegQueryValueExA |
Handle => 0x0000034c DataLength => 11 ValueName => Image Path Type => 1 |
SUCCESS | 0x00000000 | |
| 09:17:04,041 | 1636 | RegQueryValueExA |
Handle => 0x0000034c Data => rsaenh.dll\x00 ValueName => Image Path |
SUCCESS | 0x00000000 | |
| 09:17:04,041 | 1636 | LdrGetDllHandle |
ModuleHandle => 0x68000000 FileName => rsaenh.dll |
SUCCESS | 0x00000000 | |
| 09:17:04,041 | 1636 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CPAcquireContext FunctionAddress => 0x6800fb46 ModuleHandle => 0x68000000 |
SUCCESS | 0x00000000 | |
| 09:17:04,041 | 1636 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CPReleaseContext FunctionAddress => 0x6800f017 ModuleHandle => 0x68000000 |
SUCCESS | 0x00000000 | |
| 09:17:04,041 | 1636 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CPGenKey FunctionAddress => 0x6800afb1 ModuleHandle => 0x68000000 |
SUCCESS | 0x00000000 | |
| 09:17:04,041 | 1636 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CPDeriveKey FunctionAddress => 0x6800d086 ModuleHandle => 0x68000000 |
SUCCESS | 0x00000000 | |
| 09:17:04,041 | 1636 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CPDestroyKey FunctionAddress => 0x68009460 ModuleHandle => 0x68000000 |
SUCCESS | 0x00000000 | |
| 09:17:04,041 | 1636 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CPSetKeyParam FunctionAddress => 0x68009638 ModuleHandle => 0x68000000 |
SUCCESS | 0x00000000 | |
| 09:17:04,041 | 1636 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CPGetKeyParam FunctionAddress => 0x68009a22 ModuleHandle => 0x68000000 |
SUCCESS | 0x00000000 | |
| 09:17:04,041 | 1636 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CPExportKey FunctionAddress => 0x6800ba24 ModuleHandle => 0x68000000 |
SUCCESS | 0x00000000 | |
| 09:17:04,041 | 1636 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CPImportKey FunctionAddress => 0x6800bf8a ModuleHandle => 0x68000000 |
SUCCESS | 0x00000000 | |
| 09:17:04,041 | 1636 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CPEncrypt FunctionAddress => 0x68006c8e ModuleHandle => 0x68000000 |
SUCCESS | 0x00000000 | |
| 09:17:04,041 | 1636 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CPDecrypt FunctionAddress => 0x68007100 ModuleHandle => 0x68000000 |
SUCCESS | 0x00000000 | |
| 09:17:04,041 | 1636 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CPCreateHash FunctionAddress => 0x680074ba ModuleHandle => 0x68000000 |
SUCCESS | 0x00000000 | |
| 09:17:04,041 | 1636 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CPHashData FunctionAddress => 0x68007e56 ModuleHandle => 0x68000000 |
SUCCESS | 0x00000000 | |
| 09:17:04,041 | 1636 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CPHashSessionKey FunctionAddress => 0x68007fa0 ModuleHandle => 0x68000000 |
SUCCESS | 0x00000000 | |
| 09:17:04,041 | 1636 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CPDestroyHash FunctionAddress => 0x680082d1 ModuleHandle => 0x68000000 |
SUCCESS | 0x00000000 | |
| 09:17:04,041 | 1636 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CPSignHash FunctionAddress => 0x6800da22 ModuleHandle => 0x68000000 |
SUCCESS | 0x00000000 | |
| 09:17:04,041 | 1636 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CPVerifySignature FunctionAddress => 0x6800df0a ModuleHandle => 0x68000000 |
SUCCESS | 0x00000000 | |
| 09:17:04,041 | 1636 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CPGenRandom FunctionAddress => 0x6800d7a7 ModuleHandle => 0x68000000 |
SUCCESS | 0x00000000 | |
| 09:17:04,041 | 1636 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CPGetUserKey FunctionAddress => 0x68009562 ModuleHandle => 0x68000000 |
SUCCESS | 0x00000000 | |
| 09:17:04,041 | 1636 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CPSetProvParam FunctionAddress => 0x68009e6d ModuleHandle => 0x68000000 |
SUCCESS | 0x00000000 | |
| 09:17:04,041 | 1636 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CPGetProvParam FunctionAddress => 0x68009f9c ModuleHandle => 0x68000000 |
SUCCESS | 0x00000000 | |
| 09:17:04,041 | 1636 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CPSetHashParam FunctionAddress => 0x6800a56f ModuleHandle => 0x68000000 |
SUCCESS | 0x00000000 | |
| 09:17:04,041 | 1636 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CPGetHashParam FunctionAddress => 0x6800c891 ModuleHandle => 0x68000000 |
SUCCESS | 0x00000000 | |
| 09:17:04,041 | 1636 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CPDuplicateKey FunctionAddress => 0x6800aaae ModuleHandle => 0x68000000 |
SUCCESS | 0x00000000 | |
| 09:17:04,041 | 1636 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CPDuplicateHash FunctionAddress => 0x6800852e ModuleHandle => 0x68000000 |
SUCCESS | 0x00000000 | |
| 09:17:04,041 | 1636 | RegOpenKeyExA |
Handle => 0x00000354 Registry => 0x80000002 SubKey => Software\Microsoft\Cryptography |
SUCCESS | 0x00000000 | |
| 09:17:04,041 | 1636 | RegQueryValueExA |
Handle => 0x00000354 DataLength => 37 ValueName => MachineGuid Type => 1 |
SUCCESS | 0x00000000 | |
| 09:17:04,041 | 1636 | RegQueryValueExA |
Handle => 0x00000354 Data => 99d6ed61-80b2-42d4-8c72-45c08cbdb8ae\x00 ValueName => MachineGuid |
SUCCESS | 0x00000000 | |
| 09:17:04,041 | 1636 | RegCloseKey |
Handle => 0x00000354 |
SUCCESS | 0x00000000 | |
| 09:17:04,041 | 1636 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Microsoft\Cryptography\Offload |
FAILURE | 0x00000002 | |
| 09:17:04,041 | 1636 | RegCloseKey |
Handle => 0x0000034c |
SUCCESS | 0x00000000 | |
| 09:17:04,041 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x00243330 | |
| 09:17:04,041 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x00243330 | |
| 09:17:04,041 | 1636 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Flash Player\AssetCache\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x0000034c |
SUCCESS | 0x00000000 | |
| 09:17:04,041 | 1636 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000354 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:04,041 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x00243330 | |
| 09:17:04,041 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x00243330 | |
| 09:17:04,041 | 1636 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Flash Player\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x0000034c |
SUCCESS | 0x00000000 | |
| 09:17:04,041 | 1636 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000354 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:04,041 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x00243330 | |
| 09:17:04,041 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x00243330 | |
| 09:17:04,051 | 1636 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Flash Player\AssetCache\UGTZK47W DesiredAccess => 0x00100001 CreateDisposition => 2 FileHandle => 0x0000034c |
SUCCESS | 0x00000000 | |
| 09:17:04,051 | 1636 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000354 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:04,051 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x00243330 | |
| 09:17:04,051 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x00243330 | |
| 09:17:04,051 | 1636 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Flash Player\AssetCache\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x0000034c |
SUCCESS | 0x00000000 | |
| 09:17:04,051 | 1636 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000354 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:04,051 | 1636 | FindFirstFileExW |
FileName => C:\DOCUME~1 |
SUCCESS | 0x00243330 | |
| 09:17:04,051 | 1636 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW |
SUCCESS | 0x00243330 | |
| 09:17:04,051 | 1636 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1 |
SUCCESS | 0x00243330 | |
| 09:17:04,061 | 1636 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp |
SUCCESS | 0x00243330 | |
| 09:17:04,061 | 1636 | FindFirstFileExW |
FileName => C:\DOCUME~1 |
SUCCESS | 0x00243330 | |
| 09:17:04,061 | 1636 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW |
SUCCESS | 0x00243330 | |
| 09:17:04,061 | 1636 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1 |
SUCCESS | 0x00243330 | |
| 09:17:04,061 | 1636 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp |
SUCCESS | 0x00243330 | |
| 09:17:04,061 | 1636 | NtCreateFile |
ShareAccess => 0 FileName => C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\FAP1.tmp DesiredAccess => 0x00120089 CreateDisposition => 2 FileHandle => 0x0000034c |
SUCCESS | 0x00000000 | |
| 09:17:04,061 | 1636 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000354 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:04,061 | 1636 | NtQueryInformationFile |
FileHandle => 0x0000034c FileInformation => \x80\xf0\x19\x91\x8a\xa2\xcf\x01\x80\xf0\x19\x91\x8a\xa2\xcf\x01\x80\xf0\x19\x91\x8a\xa2\xcf\x01\x80\xf0\x19\x91\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00EL\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x89\x00\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x8a\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:04,061 | 1636 | FindFirstFileExW |
FileName => C:\DOCUME~1 |
SUCCESS | 0x00243330 | |
| 09:17:04,061 | 1636 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW |
SUCCESS | 0x00243330 | |
| 09:17:04,061 | 1636 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1 |
SUCCESS | 0x00243330 | |
| 09:17:04,061 | 1636 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp |
SUCCESS | 0x00243330 | |
| 09:17:04,061 | 1636 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\FAP1.tmp |
SUCCESS | 0x00243330 | |
| 09:17:04,061 | 1636 | NtCreateFile |
ShareAccess => 0 FileName => C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\FAP1.tmp DesiredAccess => 0x0012019f CreateDisposition => 5 FileHandle => 0x0000034c |
SUCCESS | 0x00000000 | |
| 09:17:04,061 | 1636 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000354 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:04,061 | 1636 | NtQueryInformationFile |
FileHandle => 0x0000034c FileInformation => \x80\xf0\x19\x91\x8a\xa2\xcf\x01\x80\xf0\x19\x91\x8a\xa2\xcf\x01\x80\xf0\x19\x91\x8a\xa2\xcf\x01\x80\xf0\x19\x91\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00EL\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x8a\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:04,061 | 1636 | FindFirstFileExW |
FileName => C:\DOCUME~1 |
SUCCESS | 0x00243330 | |
| 09:17:04,061 | 1636 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW |
SUCCESS | 0x00243330 | |
| 09:17:04,071 | 1636 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1 |
SUCCESS | 0x00243330 | |
| 09:17:04,071 | 1636 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp |
SUCCESS | 0x00243330 | |
| 09:17:04,071 | 1636 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\FAP1.tmp |
SUCCESS | 0x00243330 | |
| 09:17:04,071 | 1636 | NtCreateFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\FAP1.tmp DesiredAccess => 0x00010080 CreateDisposition => 1 FileHandle => 0x0000034c |
SUCCESS | 0x00000000 | |
| 09:17:04,071 | 1636 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000354 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:04,111 | 1636 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => NtCreateEvent FunctionAddress => 0x7c90d070 ModuleHandle => 0x7c900000 |
SUCCESS | 0x00000000 | |
| 09:17:04,141 | 1636 | FindFirstFileExW |
FileName => C:\DOCUME~1 |
SUCCESS | 0x00243330 | |
| 09:17:04,141 | 1636 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW |
SUCCESS | 0x00243330 | |
| 09:17:04,141 | 1636 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1 |
SUCCESS | 0x00243330 | |
| 09:17:04,141 | 1636 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp |
SUCCESS | 0x00243330 | |
| 09:17:04,141 | 1636 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Local Settings\Temp DesiredAccess => 0x00100020 CreateDisposition => 1 FileHandle => 0x0000034c |
SUCCESS | 0x00000000 | |
| 09:17:04,141 | 1636 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000354 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:04,141 | 1636 | NtQueryInformationFile |
FileHandle => 0x0000034c FileInformation => \x00\xe9\x90|`G9\x000O9\x00|\xd8\x90|\xea\x82 |
FAILURE | 3221225506 | |
| 09:17:04,211 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x00243330 | |
| 09:17:04,211 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x00243330 | |
| 09:17:04,211 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x00243330 | |
| 09:17:04,211 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x00243330 | |
| 09:17:04,211 | 1636 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x0000034c |
SUCCESS | 0x00000000 | |
| 09:17:04,211 | 1636 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000354 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:04,211 | 1636 | NtQueryInformationFile |
FileHandle => 0x0000034c FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\x90\x06\xd3\x8d\x8a\xa2\xcf\x01\x90\x06\xd3\x8d\x8a\xa2\xcf\x01\x90\x06\xd3\x8d\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:04,211 | 1636 | RegOpenKeyExW |
Handle => 0x0000034c Registry => 0x80000002 SubKey => SOFTWARE\Microsoft\Internet Explorer |
SUCCESS | 0x00000000 | |
| 09:17:04,211 | 1636 | RegQueryValueExW |
Handle => 0x0000034c Data => 6\x00.\x000\x00.\x002\x009\x000\x000\x00.\x005\x005\x001\x002\x00\x00\x00 ValueName => Version |
SUCCESS | 0x00000000 | |
| 09:17:04,211 | 1636 | RegCloseKey |
Handle => 0x0000034c |
SUCCESS | 0x00000000 | |
| 09:17:04,221 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x00243330 | |
| 09:17:04,221 | 1636 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Local Settings\Application Data\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x0000034c |
SUCCESS | 0x00000000 | |
| 09:17:04,221 | 1636 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000354 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:04,221 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x00243330 | |
| 09:17:04,221 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe |
SUCCESS | 0x00243330 | |
| 09:17:04,221 | 1636 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x0000034c |
SUCCESS | 0x00000000 | |
| 09:17:04,221 | 1636 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000354 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:04,221 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x00243330 | |
| 09:17:04,221 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe |
SUCCESS | 0x00243330 | |
| 09:17:04,221 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe\Acrobat |
SUCCESS | 0x00243330 | |
| 09:17:04,231 | 1636 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe\Acrobat\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x0000034c |
SUCCESS | 0x00000000 | |
| 09:17:04,231 | 1636 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000354 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:04,231 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x00243330 | |
| 09:17:04,231 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe |
SUCCESS | 0x00243330 | |
| 09:17:04,231 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe\Acrobat |
SUCCESS | 0x00243330 | |
| 09:17:04,231 | 1636 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe\Acrobat\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x0000034c |
SUCCESS | 0x00000000 | |
| 09:17:04,231 | 1636 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000354 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:04,231 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x00243330 | |
| 09:17:04,231 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe |
SUCCESS | 0x00243330 | |
| 09:17:04,231 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe\Acrobat |
SUCCESS | 0x00243330 | |
| 09:17:04,231 | 1636 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe\Acrobat\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x0000034c |
SUCCESS | 0x00000000 | |
| 09:17:04,231 | 1636 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000354 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:04,231 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x00243330 | |
| 09:17:04,231 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe |
SUCCESS | 0x00243330 | |
| 09:17:04,231 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe\Acrobat |
SUCCESS | 0x00243330 | |
| 09:17:04,231 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x00243330 | |
| 09:17:04,231 | 1636 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe\Acrobat\11.0\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x0000034c |
SUCCESS | 0x00000000 | |
| 09:17:04,231 | 1636 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000354 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:04,622 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x00243330 | |
| 09:17:04,622 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe |
SUCCESS | 0x00243330 | |
| 09:17:04,632 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe\Acrobat |
SUCCESS | 0x00243330 | |
| 09:17:04,632 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x00243330 | |
| 09:17:04,632 | 1636 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe\Acrobat\11.0\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x0000034c |
SUCCESS | 0x00000000 | |
| 09:17:04,632 | 1636 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000354 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:04,632 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x00243330 | |
| 09:17:04,632 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe |
SUCCESS | 0x00243330 | |
| 09:17:04,632 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe\Acrobat |
SUCCESS | 0x00243330 | |
| 09:17:04,642 | 1636 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe\Acrobat\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x0000034c |
SUCCESS | 0x00000000 | |
| 09:17:04,642 | 1636 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000354 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:04,642 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x00243330 | |
| 09:17:04,642 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe |
SUCCESS | 0x00243330 | |
| 09:17:04,642 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe\Acrobat |
SUCCESS | 0x00243330 | |
| 09:17:04,642 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x00243330 | |
| 09:17:04,642 | 1636 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe\Acrobat\11.0\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x0000034c |
SUCCESS | 0x00000000 | |
| 09:17:04,652 | 1636 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000354 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:04,652 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x00243330 | |
| 09:17:04,652 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe |
SUCCESS | 0x00243330 | |
| 09:17:04,652 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe\Acrobat |
SUCCESS | 0x00243330 | |
| 09:17:04,652 | 1636 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe\Acrobat\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x0000034c |
SUCCESS | 0x00000000 | |
| 09:17:04,652 | 1636 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000354 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:04,652 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x00243330 | |
| 09:17:04,652 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe |
SUCCESS | 0x00243330 | |
| 09:17:04,652 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe\Acrobat |
SUCCESS | 0x00243330 | |
| 09:17:04,652 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x00243330 | |
| 09:17:04,662 | 1636 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe\Acrobat\11.0\SharedDataEvents DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x0000034c |
SUCCESS | 0x00000000 | |
| 09:17:04,662 | 1636 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000354 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:04,662 | 1636 | NtQueryInformationFile |
FileHandle => 0x0000034c FileInformation => \xc0\x9fu\x91\x8a\xa2\xcf\x01\xc0\x9fu\x91\x8a\xa2\xcf\x01\xc0\x9fu\x91\x8a\xa2\xcf\x01\xc0\x9fu\x91\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\xf5)\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\xbe\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:04,672 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x00243330 | |
| 09:17:04,672 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe |
SUCCESS | 0x00243330 | |
| 09:17:04,672 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe\Acrobat |
SUCCESS | 0x00243330 | |
| 09:17:04,672 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x00243330 | |
| 09:17:04,682 | 1636 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe\Acrobat\11.0\SharedDataEvents-journal DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x0000034c |
SUCCESS | 0x00000000 | |
| 09:17:04,682 | 1636 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000354 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:04,682 | 1636 | NtQueryInformationFile |
FileHandle => 0x0000034c FileInformation => \xf0&w\x91\x8a\xa2\xcf\x01\xf0&w\x91\x8a\xa2\xcf\x01\xf0&w\x91\x8a\xa2\xcf\x01\xf0&w\x91\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\xf6)\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\xce\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:04,732 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x00243330 | |
| 09:17:04,732 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe |
SUCCESS | 0x00243330 | |
| 09:17:04,732 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe\Acrobat |
SUCCESS | 0x00243330 | |
| 09:17:04,732 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x00243330 | |
| 09:17:04,732 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x00243330 | |
| 09:17:04,732 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe |
SUCCESS | 0x00243330 | |
| 09:17:04,732 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe\Acrobat |
SUCCESS | 0x00243330 | |
| 09:17:04,732 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x00243330 | |
| 09:17:04,732 | 1636 | NtCreateFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe\Acrobat\11.0\SharedDataEvents-journal DesiredAccess => 0x00010080 CreateDisposition => 1 FileHandle => 0x0000034c |
SUCCESS | 0x00000000 | |
| 09:17:04,742 | 1636 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000354 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:04,742 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x00243330 | |
| 09:17:04,742 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe |
SUCCESS | 0x00243330 | |
| 09:17:04,742 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe\Acrobat |
SUCCESS | 0x00243330 | |
| 09:17:04,742 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x00243330 | |
| 09:17:04,742 | 1636 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe\Acrobat\11.0\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x0000034c |
SUCCESS | 0x00000000 | |
| 09:17:04,742 | 1636 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000354 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:04,752 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x00243330 | |
| 09:17:04,752 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe |
SUCCESS | 0x00243330 | |
| 09:17:04,752 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe\Acrobat |
SUCCESS | 0x00243330 | |
| 09:17:04,752 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x00243330 | |
| 09:17:04,752 | 1636 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe\Acrobat\11.0\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x0000034c |
SUCCESS | 0x00000000 | |
| 09:17:04,752 | 1636 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000354 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:04,752 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x00243330 | |
| 09:17:04,752 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe |
SUCCESS | 0x00243330 | |
| 09:17:04,752 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe\Acrobat |
SUCCESS | 0x00243330 | |
| 09:17:04,752 | 1636 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x00243330 | |
| 09:17:04,752 | 1636 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe\Acrobat\11.0\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x0000034c |
SUCCESS | 0x00000000 | |
| 09:17:04,762 | 1636 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000354 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:04,762 | 1584 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x00243330 | |
| 09:17:04,762 | 1584 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe |
SUCCESS | 0x00243330 | |
| 09:17:04,762 | 1584 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe\Acrobat |
SUCCESS | 0x00243330 | |
| 09:17:04,762 | 1584 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x00243330 | |
| 09:17:04,772 | 1664 | CreateRemoteThread |
Parameter => 0x00000000 ProcessHandle => 0xffffffff ThreadId => 0 StartRoutine => 0x7c910230 CreationFlags => 4 |
SUCCESS | 0x0000034c | |
| 09:17:04,772 | 1664 | NtResumeThread |
SuspendCount => 1 ThreadHandle => 0x0000034c |
SUCCESS | 0x00000000 | |
| 09:17:04,772 | 1584 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe\Acrobat\11.0\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x0000034c |
SUCCESS | 0x00000000 | |
| 09:17:04,772 | 1584 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000354 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:04,772 | 1584 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x00243330 | |
| 09:17:04,782 | 1584 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe |
SUCCESS | 0x00243330 | |
| 09:17:04,782 | 1584 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe\Acrobat |
SUCCESS | 0x00243330 | |
| 09:17:04,782 | 1584 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x00243330 | |
| 09:17:04,782 | 1584 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe\Acrobat\11.0\SharedDataEvents DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x0000034c |
SUCCESS | 0x00000000 | |
| 09:17:04,782 | 1584 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000354 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:04,782 | 1584 | NtQueryInformationFile |
FileHandle => 0x0000034c FileInformation => \xc0\x9fu\x91\x8a\xa2\xcf\x01\x10R\x80\x91\x8a\xa2\xcf\x01\x10R\x80\x91\x8a\xa2\xcf\x01\x10R\x80\x91\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x0c\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\xf5)\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\xbe\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:04,782 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x00243368 | |
| 09:17:04,792 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe |
SUCCESS | 0x00243368 | |
| 09:17:04,792 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe\Acrobat |
SUCCESS | 0x00243368 | |
| 09:17:04,792 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x00243368 | |
| 09:17:04,792 | 1200 | NtCreateFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe\Acrobat\11.0\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x0000034c |
SUCCESS | 0x00000000 | |
| 09:17:04,792 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000348 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:04,792 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x00243368 | |
| 09:17:04,792 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe |
SUCCESS | 0x00243368 | |
| 09:17:04,792 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe\Acrobat |
SUCCESS | 0x00243368 | |
| 09:17:04,792 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x00243368 | |
| 09:17:04,792 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe\Acrobat\11.0\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x0000034c |
SUCCESS | 0x00000000 | |
| 09:17:04,802 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000348 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:04,802 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x00243368 | |
| 09:17:04,802 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe |
SUCCESS | 0x00243368 | |
| 09:17:04,802 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe\Acrobat |
SUCCESS | 0x00243368 | |
| 09:17:04,802 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x00243368 | |
| 09:17:04,802 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe\Acrobat\11.0\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x0000034c |
SUCCESS | 0x00000000 | |
| 09:17:04,802 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000348 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:04,802 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x00243368 | |
| 09:17:04,802 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe |
SUCCESS | 0x00243368 | |
| 09:17:04,802 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe\Acrobat |
SUCCESS | 0x00243368 | |
| 09:17:04,812 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x00243368 | |
| 09:17:04,812 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe\Acrobat\11.0\SharedDataEvents DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x0000034c |
SUCCESS | 0x00000000 | |
| 09:17:04,812 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000348 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:04,812 | 1200 | NtQueryInformationFile |
FileHandle => 0x0000034c FileInformation => \xc0\x9fu\x91\x8a\xa2\xcf\x01\x00\xf6\x87\x91\x8a\xa2\xcf\x01\x10R\x80\x91\x8a\xa2\xcf\x01\x10R\x80\x91\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x0c\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\xf5)\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\xbe\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:13,364 | 1200 | NtOpenKey |
DesiredAccess => 65547 KeyHandle => 0x00000348 ObjectAttributes => Software\Adobe\Adobe Synchronizer\11.0 |
SUCCESS | 0x00000000 | |
| 09:17:13,374 | 1200 | NtOpenKey |
DesiredAccess => 65547 KeyHandle => 0x00000348 ObjectAttributes => Software\Adobe\Adobe Synchronizer\11.0\Acrobat.com |
SUCCESS | 0x00000000 | |
| 09:17:13,384 | 1200 | NtOpenKey |
DesiredAccess => 65547 KeyHandle => 0x00000348 ObjectAttributes => Software\Adobe\Adobe Synchronizer\11.0\Acrobat.com.v2 |
SUCCESS | 0x00000000 | |
| 09:17:13,414 | 1200 | NtOpenKey |
DesiredAccess => 65547 KeyHandle => 0x00000348 ObjectAttributes => Software\Adobe\Adobe Synchronizer\11.0\CredentialsV2 |
SUCCESS | 0x00000000 | 3 times |
| 09:17:13,434 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x00243368 | |
| 09:17:13,434 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x00243368 | |
| 09:17:13,434 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x00243368 | |
| 09:17:13,434 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x00243368 | |
| 09:17:13,434 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x0000034c |
SUCCESS | 0x00000000 | |
| 09:17:13,434 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000348 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:13,434 | 1200 | NtQueryInformationFile |
FileHandle => 0x0000034c FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\x90\x06\xd3\x8d\x8a\xa2\xcf\x01\x90\x06\xd3\x8d\x8a\xa2\xcf\x01\x90\x06\xd3\x8d\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:13,434 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x00243368 | |
| 09:17:13,444 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x00243368 | |
| 09:17:13,444 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x00243368 | |
| 09:17:13,444 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x00243368 | |
| 09:17:13,444 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x0000034c |
SUCCESS | 0x00000000 | |
| 09:17:13,444 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000348 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:13,444 | 1200 | NtQueryInformationFile |
FileHandle => 0x0000034c FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\x90\x06\xd3\x8d\x8a\xa2\xcf\x01\x90\x06\xd3\x8d\x8a\xa2\xcf\x01\x90\x06\xd3\x8d\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:13,444 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x00243368 | |
| 09:17:13,455 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x00243368 | |
| 09:17:13,455 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x00243368 | |
| 09:17:13,455 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x00243368 | |
| 09:17:13,455 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x0000034c |
SUCCESS | 0x00000000 | |
| 09:17:13,455 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000348 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:13,455 | 1200 | NtQueryInformationFile |
FileHandle => 0x0000034c FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\x90\x06\xd3\x8d\x8a\xa2\xcf\x01\x90\x06\xd3\x8d\x8a\xa2\xcf\x01\x90\x06\xd3\x8d\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:13,455 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x00243368 | |
| 09:17:13,455 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x00243368 | |
| 09:17:13,455 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x00243368 | |
| 09:17:13,455 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x00243368 | |
| 09:17:13,455 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x0000034c |
SUCCESS | 0x00000000 | |
| 09:17:13,455 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000348 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:13,455 | 1200 | NtQueryInformationFile |
FileHandle => 0x0000034c FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\x90\x06\xd3\x8d\x8a\xa2\xcf\x01\x90\x06\xd3\x8d\x8a\xa2\xcf\x01\x90\x06\xd3\x8d\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:13,465 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x00243368 | |
| 09:17:13,465 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x00243368 | |
| 09:17:13,465 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x00243368 | |
| 09:17:13,465 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x00243368 | |
| 09:17:13,465 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x0000034c |
SUCCESS | 0x00000000 | |
| 09:17:13,465 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000348 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:13,465 | 1200 | NtQueryInformationFile |
FileHandle => 0x0000034c FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\x90\x06\xd3\x8d\x8a\xa2\xcf\x01\x90\x06\xd3\x8d\x8a\xa2\xcf\x01\x90\x06\xd3\x8d\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:13,475 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x00243368 | |
| 09:17:13,475 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x00243368 | |
| 09:17:13,475 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x00243368 | |
| 09:17:13,475 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x00243368 | |
| 09:17:13,475 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x0000034c |
SUCCESS | 0x00000000 | |
| 09:17:13,475 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000348 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:13,475 | 1200 | NtQueryInformationFile |
FileHandle => 0x0000034c FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\x90\x06\xd3\x8d\x8a\xa2\xcf\x01\x90\x06\xd3\x8d\x8a\xa2\xcf\x01\x90\x06\xd3\x8d\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:13,475 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x00243368 | |
| 09:17:13,475 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x00243368 | |
| 09:17:13,475 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x00243368 | |
| 09:17:13,475 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x00243368 | |
| 09:17:13,475 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x0000034c |
SUCCESS | 0x00000000 | |
| 09:17:13,475 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000348 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:13,475 | 1200 | NtQueryInformationFile |
FileHandle => 0x0000034c FileInformation => \xc0T\xb6\x96\x8a\xa2\xcf\x01\xc0T\xb6\x96\x8a\xa2\xcf\x01\xc0T\xb6\x96\x8a\xa2\xcf\x01\xc0T\xb6\x96\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00GL\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\xac\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:13,725 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x00243368 | |
| 09:17:13,735 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x00243368 | |
| 09:17:13,735 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x00243368 | |
| 09:17:13,735 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x00243368 | |
| 09:17:13,735 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x00243368 | |
| 09:17:13,735 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x00243368 | |
| 09:17:13,735 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x00243368 | |
| 09:17:13,735 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x00243368 | |
| 09:17:13,735 | 1200 | NtCreateFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x00010080 CreateDisposition => 1 FileHandle => 0x0000034c |
SUCCESS | 0x00000000 | |
| 09:17:13,735 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000348 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:13,735 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x00243368 | |
| 09:17:13,745 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x00243368 | |
| 09:17:13,745 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x00243368 | |
| 09:17:13,745 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x00243368 | |
| 09:17:13,745 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x0000034c |
SUCCESS | 0x00000000 | |
| 09:17:13,745 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000348 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:13,745 | 1200 | NtQueryInformationFile |
FileHandle => 0x0000034c FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01 \xd6\xd1\x96\x8a\xa2\xcf\x01 \xd6\xd1\x96\x8a\xa2\xcf\x01 \xd6\xd1\x96\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x000\x00\x00\x00\x00\x00\x00\x000\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:16,259 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1 |
SUCCESS | 0x00243368 | |
| 09:17:16,269 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW |
SUCCESS | 0x00243368 | |
| 09:17:16,269 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1 |
SUCCESS | 0x00243368 | |
| 09:17:16,269 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp |
SUCCESS | 0x00243368 | |
| 09:17:16,279 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\Temporary Internet Files DesiredAccess => 0x00100001 CreateDisposition => 2 FileHandle => 0x0000034c |
SUCCESS | 0x00000000 | |
| 09:17:16,279 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000348 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:16,279 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1 |
SUCCESS | 0x00243368 | |
| 09:17:16,279 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW |
SUCCESS | 0x00243368 | |
| 09:17:16,279 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1 |
SUCCESS | 0x00243368 | |
| 09:17:16,279 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp |
SUCCESS | 0x00243368 | |
| 09:17:16,289 | 1200 | NtCreateFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\Temporary Internet Files DesiredAccess => 0x00100100 CreateDisposition => 1 FileHandle => 0x00000000 |
FAILURE | 3221225658 | |
| 09:17:16,289 | 1200 | NtCreateFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\Temporary Internet Files DesiredAccess => 0x00100000 CreateDisposition => 1 FileHandle => 0x0000034c |
SUCCESS | 0x00000000 | |
| 09:17:16,289 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000348 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:16,289 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1 |
SUCCESS | 0x00243368 | |
| 09:17:16,289 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW |
SUCCESS | 0x00243368 | |
| 09:17:16,289 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1 |
SUCCESS | 0x00243368 | |
| 09:17:16,299 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp |
SUCCESS | 0x00243368 | |
| 09:17:16,329 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\ DesiredAccess => 0x00100001 CreateDisposition => 2 FileHandle => 0x0000034c |
SUCCESS | 0x00000000 | |
| 09:17:16,329 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000348 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:16,329 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1 |
SUCCESS | 0x00243368 | |
| 09:17:16,329 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW |
SUCCESS | 0x00243368 | |
| 09:17:16,329 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1 |
SUCCESS | 0x00243368 | |
| 09:17:16,329 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp |
SUCCESS | 0x00243368 | |
| 09:17:16,329 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 |
SUCCESS | 0x00243368 | |
| 09:17:16,339 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\index.dat DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x0000034c |
SUCCESS | 0x00000000 | |
| 09:17:16,339 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000348 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:16,339 | 1200 | NtQueryInformationFile |
FileHandle => 0x0000034c FileInformation => `\k\x98\x8a\xa2\xcf\x01`\k\x98\x8a\xa2\xcf\x01`\k\x98\x8a\xa2\xcf\x01`\k\x98\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00IL\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\xd6\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:16,339 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1 |
SUCCESS | 0x00243368 | |
| 09:17:16,339 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW |
SUCCESS | 0x00243368 | |
| 09:17:16,339 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1 |
SUCCESS | 0x00243368 | |
| 09:17:16,339 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp |
SUCCESS | 0x00243368 | |
| 09:17:16,339 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 |
SUCCESS | 0x00243368 | |
| 09:17:16,339 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\index.dat |
SUCCESS | 0x00243368 | |
| 09:17:16,339 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\index.dat DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x0000034c |
SUCCESS | 0x00000000 | |
| 09:17:16,339 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000348 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:16,339 | 1200 | NtQueryInformationFile |
FileHandle => 0x0000034c FileInformation => `\k\x98\x8a\xa2\xcf\x01`\k\x98\x8a\xa2\xcf\x01\x80^\xd4\x8f\x8a\xa2\xcf\x01`\k\x98\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00IL\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\xd6\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:16,349 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1 |
SUCCESS | 0x00243368 | |
| 09:17:16,349 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW |
SUCCESS | 0x00243368 | |
| 09:17:16,349 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1 |
SUCCESS | 0x00243368 | |
| 09:17:16,349 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp |
SUCCESS | 0x00243368 | |
| 09:17:16,349 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 |
SUCCESS | 0x00243368 | |
| 09:17:16,349 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1 |
SUCCESS | 0x00243368 | |
| 09:17:16,349 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW |
SUCCESS | 0x00243368 | |
| 09:17:16,349 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1 |
SUCCESS | 0x00243368 | |
| 09:17:16,349 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp |
SUCCESS | 0x00243368 | |
| 09:17:16,349 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 |
SUCCESS | 0x00243368 | |
| 09:17:16,349 | 1200 | NtCreateFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\ DesiredAccess => 0x00100100 CreateDisposition => 1 FileHandle => 0x00000000 |
FAILURE | 3221225658 | |
| 09:17:16,349 | 1200 | NtCreateFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\ DesiredAccess => 0x00100000 CreateDisposition => 1 FileHandle => 0x0000034c |
SUCCESS | 0x00000000 | |
| 09:17:16,349 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000348 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:16,359 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1 |
SUCCESS | 0x00243368 | |
| 09:17:16,359 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW |
SUCCESS | 0x00243368 | |
| 09:17:16,359 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1 |
SUCCESS | 0x00243368 | |
| 09:17:16,359 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp |
SUCCESS | 0x00243368 | |
| 09:17:16,359 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 |
SUCCESS | 0x00243368 | |
| 09:17:16,359 | 1200 | NtCreateFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\desktop.ini DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x0000034c |
SUCCESS | 0x00000000 | |
| 09:17:16,359 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000348 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:16,359 | 1200 | NtQueryInformationFile |
FileHandle => 0x0000034c FileInformation => \xc0jn\x98\x8a\xa2\xcf\x01\xc0jn\x98\x8a\xa2\xcf\x01\xc0jn\x98\x8a\xa2\xcf\x01\xc0jn\x98\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00JL\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\xda\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:16,359 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1 |
SUCCESS | 0x00243368 | |
| 09:17:16,369 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW |
SUCCESS | 0x00243368 | |
| 09:17:16,369 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1 |
SUCCESS | 0x00243368 | |
| 09:17:16,369 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp |
SUCCESS | 0x00243368 | |
| 09:17:16,369 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 |
SUCCESS | 0x00243368 | |
| 09:17:16,369 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\desktop.ini |
SUCCESS | 0x00243368 | |
| 09:17:16,369 | 1200 | NtCreateFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\desktop.ini DesiredAccess => 0x00100100 CreateDisposition => 1 FileHandle => 0x0000034c |
SUCCESS | 0x00000000 | |
| 09:17:16,369 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000348 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:16,369 | 1200 | NtQueryInformationFile |
FileHandle => 0x0000034c FileInformation => \x00\xe9\x90|`G9\x000O9\x00|\xd8\x90|\xea\x82 |
FAILURE | 3221225506 | |
| 09:17:16,389 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1 |
SUCCESS | 0x00243368 | |
| 09:17:16,399 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW |
SUCCESS | 0x00243368 | |
| 09:17:16,409 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1 |
SUCCESS | 0x00243368 | |
| 09:17:16,409 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp |
SUCCESS | 0x00243368 | |
| 09:17:16,409 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 |
SUCCESS | 0x00243368 | |
| 09:17:16,409 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\4X638L6R DesiredAccess => 0x00100001 CreateDisposition => 2 FileHandle => 0x0000034c |
SUCCESS | 0x00000000 | |
| 09:17:16,409 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000348 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:16,419 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1 |
SUCCESS | 0x00243368 | |
| 09:17:16,419 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW |
SUCCESS | 0x00243368 | |
| 09:17:16,449 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1 |
SUCCESS | 0x00243368 | |
| 09:17:16,459 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp |
SUCCESS | 0x00243368 | |
| 09:17:16,459 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 |
SUCCESS | 0x00243368 | |
| 09:17:16,459 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\4X638L6R |
SUCCESS | 0x00243368 | |
| 09:17:16,459 | 1200 | NtCreateFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\4X638L6R DesiredAccess => 0x00100100 CreateDisposition => 1 FileHandle => 0x00000000 |
FAILURE | 3221225658 | |
| 09:17:16,459 | 1200 | NtCreateFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\4X638L6R DesiredAccess => 0x00100000 CreateDisposition => 1 FileHandle => 0x0000034c |
SUCCESS | 0x00000000 | |
| 09:17:16,459 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000348 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:16,459 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1 |
SUCCESS | 0x00243368 | |
| 09:17:16,469 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW |
SUCCESS | 0x00243368 | |
| 09:17:16,469 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1 |
SUCCESS | 0x00243368 | |
| 09:17:16,469 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp |
SUCCESS | 0x00243368 | |
| 09:17:16,489 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 |
SUCCESS | 0x00243368 | |
| 09:17:16,489 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\4X638L6R |
SUCCESS | 0x00243368 | |
| 09:17:16,489 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1 |
SUCCESS | 0x00243368 | |
| 09:17:16,489 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW |
SUCCESS | 0x00243368 | |
| 09:17:16,489 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1 |
SUCCESS | 0x00243368 | |
| 09:17:16,489 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp |
SUCCESS | 0x00243368 | |
| 09:17:16,499 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 |
SUCCESS | 0x00243368 | |
| 09:17:16,499 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\4X638L6R |
SUCCESS | 0x00243368 | |
| 09:17:16,499 | 1200 | NtCreateFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\4X638L6R DesiredAccess => 0x00100100 CreateDisposition => 1 FileHandle => 0x00000000 |
FAILURE | 3221225658 | |
| 09:17:16,499 | 1200 | NtCreateFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\4X638L6R DesiredAccess => 0x00100000 CreateDisposition => 1 FileHandle => 0x0000034c |
SUCCESS | 0x00000000 | |
| 09:17:16,499 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000348 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:16,499 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1 |
SUCCESS | 0x00243368 | |
| 09:17:16,499 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW |
SUCCESS | 0x00243368 | |
| 09:17:16,499 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1 |
SUCCESS | 0x00243368 | |
| 09:17:16,499 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp |
SUCCESS | 0x00243368 | |
| 09:17:16,509 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 |
SUCCESS | 0x00243368 | |
| 09:17:16,509 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\4X638L6R |
SUCCESS | 0x00243368 | |
| 09:17:16,529 | 1200 | NtCreateFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\4X638L6R\desktop.ini DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x0000034c |
SUCCESS | 0x00000000 | |
| 09:17:16,529 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000348 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:16,529 | 1200 | NtQueryInformationFile |
FileHandle => 0x0000034c FileInformation => \xf0d\x88\x98\x8a\xa2\xcf\x01\xf0d\x88\x98\x8a\xa2\xcf\x01\xf0d\x88\x98\x8a\xa2\xcf\x01\xf0d\x88\x98\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00LL\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\xec\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:16,529 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1 |
SUCCESS | 0x00243368 | |
| 09:17:16,529 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW |
SUCCESS | 0x00243368 | |
| 09:17:16,559 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1 |
SUCCESS | 0x00243368 | |
| 09:17:16,569 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp |
SUCCESS | 0x00243368 | |
| 09:17:16,569 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 |
SUCCESS | 0x00243368 | |
| 09:17:16,569 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\4X638L6R |
SUCCESS | 0x00243368 | |
| 09:17:16,569 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\4X638L6R\desktop.ini |
SUCCESS | 0x00243368 | |
| 09:17:16,569 | 1200 | NtCreateFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\4X638L6R\desktop.ini DesiredAccess => 0x00100100 CreateDisposition => 1 FileHandle => 0x0000034c |
SUCCESS | 0x00000000 | |
| 09:17:16,619 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000348 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:16,619 | 1200 | NtQueryInformationFile |
FileHandle => 0x0000034c FileInformation => \x00\xe9\x90|`G9\x000O9\x00|\xd8\x90|\xea\x82 |
FAILURE | 3221225506 | |
| 09:17:16,619 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1 |
SUCCESS | 0x00243368 | |
| 09:17:16,629 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW |
SUCCESS | 0x00243368 | |
| 09:17:16,659 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1 |
SUCCESS | 0x00243368 | |
| 09:17:16,669 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp |
SUCCESS | 0x00243368 | |
| 09:17:16,669 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 |
SUCCESS | 0x00243368 | |
| 09:17:16,669 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\8NMVIDKN DesiredAccess => 0x00100001 CreateDisposition => 2 FileHandle => 0x0000034c |
SUCCESS | 0x00000000 | |
| 09:17:16,669 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000348 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:16,669 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1 |
SUCCESS | 0x00243368 | |
| 09:17:16,669 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW |
SUCCESS | 0x00243368 | |
| 09:17:16,669 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1 |
SUCCESS | 0x00243368 | |
| 09:17:16,669 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp |
SUCCESS | 0x00243368 | |
| 09:17:16,669 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 |
SUCCESS | 0x00243368 | |
| 09:17:16,669 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\8NMVIDKN |
SUCCESS | 0x00243368 | |
| 09:17:16,669 | 1200 | NtCreateFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\8NMVIDKN DesiredAccess => 0x00100100 CreateDisposition => 1 FileHandle => 0x00000000 |
FAILURE | 3221225658 | |
| 09:17:16,669 | 1200 | NtCreateFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\8NMVIDKN DesiredAccess => 0x00100000 CreateDisposition => 1 FileHandle => 0x0000034c |
SUCCESS | 0x00000000 | |
| 09:17:16,669 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000348 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:16,719 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1 |
SUCCESS | 0x00243368 | |
| 09:17:16,719 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW |
SUCCESS | 0x00243368 | |
| 09:17:16,719 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1 |
SUCCESS | 0x00243368 | |
| 09:17:16,719 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp |
SUCCESS | 0x00243368 | |
| 09:17:16,719 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 |
SUCCESS | 0x00243368 | |
| 09:17:16,719 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\8NMVIDKN |
SUCCESS | 0x00243368 | |
| 09:17:16,719 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1 |
SUCCESS | 0x00243368 | |
| 09:17:16,719 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW |
SUCCESS | 0x00243368 | |
| 09:17:16,719 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1 |
SUCCESS | 0x00243368 | |
| 09:17:16,719 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp |
SUCCESS | 0x00243368 | |
| 09:17:16,719 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 |
SUCCESS | 0x00243368 | |
| 09:17:16,719 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\8NMVIDKN |
SUCCESS | 0x00243368 | |
| 09:17:16,749 | 1200 | NtCreateFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\8NMVIDKN DesiredAccess => 0x00100100 CreateDisposition => 1 FileHandle => 0x00000000 |
FAILURE | 3221225658 | |
| 09:17:16,749 | 1200 | NtCreateFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\8NMVIDKN DesiredAccess => 0x00100000 CreateDisposition => 1 FileHandle => 0x0000034c |
SUCCESS | 0x00000000 | |
| 09:17:16,749 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000348 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:16,749 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1 |
SUCCESS | 0x00243368 | |
| 09:17:16,749 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW |
SUCCESS | 0x00243368 | |
| 09:17:16,749 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1 |
SUCCESS | 0x00243368 | |
| 09:17:16,749 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp |
SUCCESS | 0x00243368 | |
| 09:17:16,749 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 |
SUCCESS | 0x00243368 | |
| 09:17:16,749 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\8NMVIDKN |
SUCCESS | 0x00243368 | |
| 09:17:16,749 | 1200 | NtCreateFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\8NMVIDKN\desktop.ini DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x0000034c |
SUCCESS | 0x00000000 | |
| 09:17:16,749 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000348 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:16,749 | 1200 | NtQueryInformationFile |
FileHandle => 0x0000034c FileInformation => \x10\x03\xaa\x98\x8a\xa2\xcf\x01\x10\x03\xaa\x98\x8a\xa2\xcf\x01\x10\x03\xaa\x98\x8a\xa2\xcf\x01\x10\x03\xaa\x98\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00NL\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\xec\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:16,769 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1 |
SUCCESS | 0x00243368 | |
| 09:17:16,769 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW |
SUCCESS | 0x00243368 | |
| 09:17:16,769 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1 |
SUCCESS | 0x00243368 | |
| 09:17:16,769 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp |
SUCCESS | 0x00243368 | |
| 09:17:16,769 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 |
SUCCESS | 0x00243368 | |
| 09:17:16,769 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\8NMVIDKN |
SUCCESS | 0x00243368 | |
| 09:17:16,769 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\8NMVIDKN\desktop.ini |
SUCCESS | 0x00243368 | |
| 09:17:16,769 | 1200 | NtCreateFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\8NMVIDKN\desktop.ini DesiredAccess => 0x00100100 CreateDisposition => 1 FileHandle => 0x0000034c |
SUCCESS | 0x00000000 | |
| 09:17:16,769 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000348 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:16,769 | 1200 | NtQueryInformationFile |
FileHandle => 0x0000034c FileInformation => \x00\xe9\x90|`G9\x000O9\x00|\xd8\x90|\xea\x82 |
FAILURE | 3221225506 | |
| 09:17:16,769 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1 |
SUCCESS | 0x00243368 | |
| 09:17:16,769 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW |
SUCCESS | 0x00243368 | |
| 09:17:16,769 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1 |
SUCCESS | 0x00243368 | |
| 09:17:16,769 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp |
SUCCESS | 0x00243368 | |
| 09:17:16,769 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 |
SUCCESS | 0x00243368 | |
| 09:17:16,779 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\GHI7KXYB DesiredAccess => 0x00100001 CreateDisposition => 2 FileHandle => 0x0000034c |
SUCCESS | 0x00000000 | |
| 09:17:16,779 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000348 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:16,779 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1 |
SUCCESS | 0x00243368 | |
| 09:17:16,779 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW |
SUCCESS | 0x00243368 | |
| 09:17:16,779 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1 |
SUCCESS | 0x00243368 | |
| 09:17:16,779 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp |
SUCCESS | 0x00243368 | |
| 09:17:16,779 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 |
SUCCESS | 0x00243368 | |
| 09:17:16,779 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\GHI7KXYB |
SUCCESS | 0x00243368 | |
| 09:17:16,779 | 1200 | NtCreateFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\GHI7KXYB DesiredAccess => 0x00100100 CreateDisposition => 1 FileHandle => 0x00000000 |
FAILURE | 3221225658 | |
| 09:17:16,779 | 1200 | NtCreateFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\GHI7KXYB DesiredAccess => 0x00100000 CreateDisposition => 1 FileHandle => 0x0000034c |
SUCCESS | 0x00000000 | |
| 09:17:16,779 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000348 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:16,779 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1 |
SUCCESS | 0x00243368 | |
| 09:17:16,779 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW |
SUCCESS | 0x00243368 | |
| 09:17:16,779 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1 |
SUCCESS | 0x00243368 | |
| 09:17:16,779 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp |
SUCCESS | 0x00243368 | |
| 09:17:16,779 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 |
SUCCESS | 0x00243368 | |
| 09:17:16,779 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\GHI7KXYB |
SUCCESS | 0x00243368 | |
| 09:17:16,779 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1 |
SUCCESS | 0x00243368 | |
| 09:17:16,779 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW |
SUCCESS | 0x00243368 | |
| 09:17:16,779 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1 |
SUCCESS | 0x00243368 | |
| 09:17:16,779 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp |
SUCCESS | 0x00243368 | |
| 09:17:16,779 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 |
SUCCESS | 0x00243368 | |
| 09:17:16,789 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\GHI7KXYB |
SUCCESS | 0x00243368 | |
| 09:17:16,789 | 1200 | NtCreateFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\GHI7KXYB DesiredAccess => 0x00100100 CreateDisposition => 1 FileHandle => 0x00000000 |
FAILURE | 3221225658 | |
| 09:17:16,789 | 1200 | NtCreateFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\GHI7KXYB DesiredAccess => 0x00100000 CreateDisposition => 1 FileHandle => 0x0000034c |
SUCCESS | 0x00000000 | |
| 09:17:16,789 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000348 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:16,789 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1 |
SUCCESS | 0x00243368 | |
| 09:17:16,789 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW |
SUCCESS | 0x00243368 | |
| 09:17:16,789 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1 |
SUCCESS | 0x00243368 | |
| 09:17:16,789 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp |
SUCCESS | 0x00243368 | |
| 09:17:16,789 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 |
SUCCESS | 0x00243368 | |
| 09:17:16,789 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\GHI7KXYB |
SUCCESS | 0x00243368 | |
| 09:17:16,809 | 1200 | NtCreateFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\GHI7KXYB\desktop.ini DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x0000034c |
SUCCESS | 0x00000000 | |
| 09:17:16,809 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000348 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:16,809 | 1200 | NtQueryInformationFile |
FileHandle => 0x0000034c FileInformation => 0.\xb3\x98\x8a\xa2\xcf\x010.\xb3\x98\x8a\xa2\xcf\x010.\xb3\x98\x8a\xa2\xcf\x010.\xb3\x98\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00PL\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\xec\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:16,809 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1 |
SUCCESS | 0x00243368 | |
| 09:17:16,809 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW |
SUCCESS | 0x00243368 | |
| 09:17:16,809 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1 |
SUCCESS | 0x00243368 | |
| 09:17:16,809 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp |
SUCCESS | 0x00243368 | |
| 09:17:16,809 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 |
SUCCESS | 0x00243368 | |
| 09:17:16,809 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\GHI7KXYB |
SUCCESS | 0x00243368 | |
| 09:17:16,809 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\GHI7KXYB\desktop.ini |
SUCCESS | 0x00243368 | |
| 09:17:16,809 | 1200 | NtCreateFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\GHI7KXYB\desktop.ini DesiredAccess => 0x00100100 CreateDisposition => 1 FileHandle => 0x0000034c |
SUCCESS | 0x00000000 | |
| 09:17:16,809 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000348 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:16,809 | 1200 | NtQueryInformationFile |
FileHandle => 0x0000034c FileInformation => \x00\xe9\x90|`G9\x000O9\x00|\xd8\x90|\xea\x82 |
FAILURE | 3221225506 | |
| 09:17:16,819 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1 |
SUCCESS | 0x00243368 | |
| 09:17:16,819 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW |
SUCCESS | 0x00243368 | |
| 09:17:16,819 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1 |
SUCCESS | 0x00243368 | |
| 09:17:16,819 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp |
SUCCESS | 0x00243368 | |
| 09:17:16,819 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 |
SUCCESS | 0x00243368 | |
| 09:17:16,819 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\YREPSLGP DesiredAccess => 0x00100001 CreateDisposition => 2 FileHandle => 0x0000034c |
SUCCESS | 0x00000000 | |
| 09:17:16,819 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000348 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:16,819 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1 |
SUCCESS | 0x00243368 | |
| 09:17:16,819 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW |
SUCCESS | 0x00243368 | |
| 09:17:16,819 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1 |
SUCCESS | 0x00243368 | |
| 09:17:16,819 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp |
SUCCESS | 0x00243368 | |
| 09:17:16,819 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 |
SUCCESS | 0x00243368 | |
| 09:17:16,819 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\YREPSLGP |
SUCCESS | 0x00243368 | |
| 09:17:16,819 | 1200 | NtCreateFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\YREPSLGP DesiredAccess => 0x00100100 CreateDisposition => 1 FileHandle => 0x00000000 |
FAILURE | 3221225658 | |
| 09:17:16,819 | 1200 | NtCreateFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\YREPSLGP DesiredAccess => 0x00100000 CreateDisposition => 1 FileHandle => 0x0000034c |
SUCCESS | 0x00000000 | |
| 09:17:16,819 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000348 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:16,819 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1 |
SUCCESS | 0x00243368 | |
| 09:17:16,819 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW |
SUCCESS | 0x00243368 | |
| 09:17:16,819 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1 |
SUCCESS | 0x00243368 | |
| 09:17:16,819 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp |
SUCCESS | 0x00243368 | |
| 09:17:16,819 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 |
SUCCESS | 0x00243368 | |
| 09:17:16,819 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\YREPSLGP |
SUCCESS | 0x00243368 | |
| 09:17:16,819 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1 |
SUCCESS | 0x00243368 | |
| 09:17:16,829 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW |
SUCCESS | 0x00243368 | |
| 09:17:16,829 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1 |
SUCCESS | 0x00243368 | |
| 09:17:16,829 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp |
SUCCESS | 0x00243368 | |
| 09:17:16,829 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 |
SUCCESS | 0x00243368 | |
| 09:17:16,829 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\YREPSLGP |
SUCCESS | 0x00243368 | |
| 09:17:16,829 | 1200 | NtCreateFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\YREPSLGP DesiredAccess => 0x00100100 CreateDisposition => 1 FileHandle => 0x00000000 |
FAILURE | 3221225658 | |
| 09:17:16,829 | 1200 | NtCreateFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\YREPSLGP DesiredAccess => 0x00100000 CreateDisposition => 1 FileHandle => 0x0000034c |
SUCCESS | 0x00000000 | |
| 09:17:16,829 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000348 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:16,829 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1 |
SUCCESS | 0x00243368 | |
| 09:17:16,829 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW |
SUCCESS | 0x00243368 | |
| 09:17:16,829 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1 |
SUCCESS | 0x00243368 | |
| 09:17:16,829 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp |
SUCCESS | 0x00243368 | |
| 09:17:16,829 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 |
SUCCESS | 0x00243368 | |
| 09:17:16,829 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\YREPSLGP |
SUCCESS | 0x00243368 | |
| 09:17:16,829 | 1200 | NtCreateFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\YREPSLGP\desktop.ini DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x0000034c |
SUCCESS | 0x00000000 | |
| 09:17:16,829 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000348 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:16,829 | 1200 | NtQueryInformationFile |
FileHandle => 0x0000034c FileInformation => \x90<\xb6\x98\x8a\xa2\xcf\x01\x90<\xb6\x98\x8a\xa2\xcf\x01\x90<\xb6\x98\x8a\xa2\xcf\x01\x90<\xb6\x98\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00RL\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\xec\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:16,829 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1 |
SUCCESS | 0x00243368 | |
| 09:17:16,829 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW |
SUCCESS | 0x00243368 | |
| 09:17:16,829 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1 |
SUCCESS | 0x00243368 | |
| 09:17:16,829 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp |
SUCCESS | 0x00243368 | |
| 09:17:16,829 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 |
SUCCESS | 0x00243368 | |
| 09:17:16,829 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\YREPSLGP |
SUCCESS | 0x00243368 | |
| 09:17:16,829 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\YREPSLGP\desktop.ini |
SUCCESS | 0x00243368 | |
| 09:17:16,829 | 1200 | NtCreateFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\YREPSLGP\desktop.ini DesiredAccess => 0x00100100 CreateDisposition => 1 FileHandle => 0x0000034c |
SUCCESS | 0x00000000 | |
| 09:17:16,829 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000348 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:16,829 | 1200 | NtQueryInformationFile |
FileHandle => 0x0000034c FileInformation => \x00\xe9\x90|`G9\x000O9\x00|\xd8\x90|\xea\x82 |
FAILURE | 3221225506 | |
| 09:17:16,829 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1 |
SUCCESS | 0x00243368 | |
| 09:17:16,829 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW |
SUCCESS | 0x00243368 | |
| 09:17:16,829 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1 |
SUCCESS | 0x00243368 | |
| 09:17:16,829 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp |
SUCCESS | 0x00243368 | |
| 09:17:16,829 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 |
SUCCESS | 0x00243368 | |
| 09:17:16,829 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x0000034c |
SUCCESS | 0x00000000 | |
| 09:17:16,839 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000348 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:16,839 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1 |
SUCCESS | 0x00243368 | |
| 09:17:16,839 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW |
SUCCESS | 0x00243368 | |
| 09:17:16,839 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1 |
SUCCESS | 0x00243368 | |
| 09:17:16,839 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp |
SUCCESS | 0x00243368 | |
| 09:17:16,839 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 |
SUCCESS | 0x00243368 | |
| 09:17:16,839 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\4X638L6R |
SUCCESS | 0x00243368 | |
| 09:17:16,839 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\4X638L6R\desktop.ini |
SUCCESS | 0x00243368 | |
| 09:17:16,839 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1 |
SUCCESS | 0x00243368 | |
| 09:17:16,849 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW |
SUCCESS | 0x00243368 | |
| 09:17:16,849 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1 |
SUCCESS | 0x00243368 | |
| 09:17:16,849 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp |
SUCCESS | 0x00243368 | |
| 09:17:16,849 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 |
SUCCESS | 0x00243368 | |
| 09:17:16,849 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\4X638L6R |
SUCCESS | 0x00243368 | |
| 09:17:16,849 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\4X638L6R\desktop.ini |
SUCCESS | 0x00243368 | |
| 09:17:16,849 | 1200 | NtCreateFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\4X638L6R\desktop.ini DesiredAccess => 0x00120089 CreateDisposition => 1 FileHandle => 0x0000034c |
SUCCESS | 0x00000000 | |
| 09:17:16,849 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000348 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:16,849 | 1200 | NtQueryInformationFile |
FileHandle => 0x0000034c FileInformation => \xf0d\x88\x98\x8a\xa2\xcf\x01\xf0d\x88\x98\x8a\xa2\xcf\x01\xf0d\x88\x98\x8a\xa2\xcf\x01\xa0%\x96\x98\x8a\xa2\xcf\x01\x06\x00\x00\x00\x00\x00\x00\x00H\x00\x00\x00\x00\x00\x00\x00C\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00LL\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x89\x00\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\xec\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:16,849 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1 |
SUCCESS | 0x00243368 | |
| 09:17:16,849 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW |
SUCCESS | 0x00243368 | |
| 09:17:16,849 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1 |
SUCCESS | 0x00243368 | |
| 09:17:16,849 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp |
SUCCESS | 0x00243368 | |
| 09:17:16,849 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 |
SUCCESS | 0x00243368 | |
| 09:17:16,849 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\8NMVIDKN |
SUCCESS | 0x00243368 | |
| 09:17:16,849 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\8NMVIDKN\desktop.ini |
SUCCESS | 0x00243368 | |
| 09:17:16,849 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1 |
SUCCESS | 0x00243368 | |
| 09:17:16,849 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW |
SUCCESS | 0x00243368 | |
| 09:17:16,849 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1 |
SUCCESS | 0x00243368 | |
| 09:17:16,849 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp |
SUCCESS | 0x00243368 | |
| 09:17:16,849 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 |
SUCCESS | 0x00243368 | |
| 09:17:16,849 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\8NMVIDKN |
SUCCESS | 0x00243368 | |
| 09:17:16,849 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\8NMVIDKN\desktop.ini |
SUCCESS | 0x00243368 | |
| 09:17:16,849 | 1200 | NtCreateFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\8NMVIDKN\desktop.ini DesiredAccess => 0x00120089 CreateDisposition => 1 FileHandle => 0x0000034c |
SUCCESS | 0x00000000 | |
| 09:17:16,849 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000348 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:16,849 | 1200 | NtQueryInformationFile |
FileHandle => 0x0000034c FileInformation => \x10\x03\xaa\x98\x8a\xa2\xcf\x01@\x8a\xab\x98\x8a\xa2\xcf\x01@\x8a\xab\x98\x8a\xa2\xcf\x01p\x11\xad\x98\x8a\xa2\xcf\x01\x06\x00\x00\x00\x00\x00\x00\x00H\x00\x00\x00\x00\x00\x00\x00C\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00NL\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x89\x00\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\xec\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:16,849 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1 |
SUCCESS | 0x00243368 | |
| 09:17:16,849 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW |
SUCCESS | 0x00243368 | |
| 09:17:16,849 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1 |
SUCCESS | 0x00243368 | |
| 09:17:16,849 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp |
SUCCESS | 0x00243368 | |
| 09:17:16,849 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 |
SUCCESS | 0x00243368 | |
| 09:17:16,849 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\GHI7KXYB |
SUCCESS | 0x00243368 | |
| 09:17:16,849 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\GHI7KXYB\desktop.ini |
SUCCESS | 0x00243368 | |
| 09:17:16,859 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1 |
SUCCESS | 0x00243368 | |
| 09:17:16,859 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW |
SUCCESS | 0x00243368 | |
| 09:17:16,859 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1 |
SUCCESS | 0x00243368 | |
| 09:17:16,859 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp |
SUCCESS | 0x00243368 | |
| 09:17:16,859 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 |
SUCCESS | 0x00243368 | |
| 09:17:16,859 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\GHI7KXYB |
SUCCESS | 0x00243368 | |
| 09:17:16,859 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\GHI7KXYB\desktop.ini |
SUCCESS | 0x00243368 | |
| 09:17:16,859 | 1200 | NtCreateFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\GHI7KXYB\desktop.ini DesiredAccess => 0x00120089 CreateDisposition => 1 FileHandle => 0x0000034c |
SUCCESS | 0x00000000 | |
| 09:17:16,859 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000348 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:16,859 | 1200 | NtQueryInformationFile |
FileHandle => 0x0000034c FileInformation => 0.\xb3\x98\x8a\xa2\xcf\x010.\xb3\x98\x8a\xa2\xcf\x010.\xb3\x98\x8a\xa2\xcf\x01`\xb5\xb4\x98\x8a\xa2\xcf\x01\x06\x00\x00\x00\x00\x00\x00\x00H\x00\x00\x00\x00\x00\x00\x00C\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00PL\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x89\x00\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\xec\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:16,859 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1 |
SUCCESS | 0x00243368 | |
| 09:17:16,859 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW |
SUCCESS | 0x00243368 | |
| 09:17:16,859 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1 |
SUCCESS | 0x00243368 | |
| 09:17:16,859 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp |
SUCCESS | 0x00243368 | |
| 09:17:16,859 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 |
SUCCESS | 0x00243368 | |
| 09:17:16,859 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\YREPSLGP |
SUCCESS | 0x00243368 | |
| 09:17:16,859 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\YREPSLGP\desktop.ini |
SUCCESS | 0x00243368 | |
| 09:17:16,859 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1 |
SUCCESS | 0x00243368 | |
| 09:17:16,859 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW |
SUCCESS | 0x00243368 | |
| 09:17:16,859 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1 |
SUCCESS | 0x00243368 | |
| 09:17:16,859 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp |
SUCCESS | 0x00243368 | |
| 09:17:16,859 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 |
SUCCESS | 0x00243368 | |
| 09:17:16,859 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\YREPSLGP |
SUCCESS | 0x00243368 | |
| 09:17:16,859 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\YREPSLGP\desktop.ini |
SUCCESS | 0x00243368 | |
| 09:17:16,859 | 1200 | NtCreateFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\YREPSLGP\desktop.ini DesiredAccess => 0x00120089 CreateDisposition => 1 FileHandle => 0x0000034c |
SUCCESS | 0x00000000 | |
| 09:17:16,859 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000348 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:16,859 | 1200 | NtQueryInformationFile |
FileHandle => 0x0000034c FileInformation => \x90<\xb6\x98\x8a\xa2\xcf\x01\x90<\xb6\x98\x8a\xa2\xcf\x01\x90<\xb6\x98\x8a\xa2\xcf\x01\x90<\xb6\x98\x8a\xa2\xcf\x01\x06\x00\x00\x00\x00\x00\x00\x00H\x00\x00\x00\x00\x00\x00\x00C\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00RL\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x89\x00\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\xec\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:16,859 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1 |
SUCCESS | 0x00243368 | |
| 09:17:16,859 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW |
SUCCESS | 0x00243368 | |
| 09:17:16,859 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1 |
SUCCESS | 0x00243368 | |
| 09:17:16,859 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp |
SUCCESS | 0x00243368 | |
| 09:17:16,859 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\Cookies\ DesiredAccess => 0x00100001 CreateDisposition => 2 FileHandle => 0x0000034c |
SUCCESS | 0x00000000 | |
| 09:17:16,859 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000348 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:16,859 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1 |
SUCCESS | 0x00243368 | |
| 09:17:16,859 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW |
SUCCESS | 0x00243368 | |
| 09:17:16,859 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1 |
SUCCESS | 0x00243368 | |
| 09:17:16,859 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp |
SUCCESS | 0x00243368 | |
| 09:17:16,859 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Cookies |
SUCCESS | 0x00243368 | |
| 09:17:16,859 | 1200 | NtCreateFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\Cookies\ DesiredAccess => 0x00100100 CreateDisposition => 1 FileHandle => 0x00000000 |
FAILURE | 3221225658 | |
| 09:17:16,859 | 1200 | NtCreateFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\Cookies\ DesiredAccess => 0x00100000 CreateDisposition => 1 FileHandle => 0x0000034c |
SUCCESS | 0x00000000 | |
| 09:17:16,859 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000348 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:16,869 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1 |
SUCCESS | 0x00243368 | |
| 09:17:16,869 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW |
SUCCESS | 0x00243368 | |
| 09:17:16,869 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1 |
SUCCESS | 0x00243368 | |
| 09:17:16,869 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp |
SUCCESS | 0x00243368 | |
| 09:17:16,869 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Cookies |
SUCCESS | 0x00243368 | |
| 09:17:16,869 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\Cookies\index.dat DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x0000034c |
SUCCESS | 0x00000000 | |
| 09:17:16,869 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000348 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:16,869 | 1200 | NtQueryInformationFile |
FileHandle => 0x0000034c FileInformation => PY\xbc\x98\x8a\xa2\xcf\x01PY\xbc\x98\x8a\xa2\xcf\x01PY\xbc\x98\x8a\xa2\xcf\x01PY\xbc\x98\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00TL\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:16,869 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1 |
SUCCESS | 0x00243368 | |
| 09:17:16,869 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW |
SUCCESS | 0x00243368 | |
| 09:17:16,869 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1 |
SUCCESS | 0x00243368 | |
| 09:17:16,869 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp |
SUCCESS | 0x00243368 | |
| 09:17:16,869 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Cookies |
SUCCESS | 0x00243368 | |
| 09:17:16,879 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Cookies\index.dat |
SUCCESS | 0x00243368 | |
| 09:17:16,879 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\Cookies\index.dat DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x0000034c |
SUCCESS | 0x00000000 | |
| 09:17:16,879 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000348 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:16,879 | 1200 | NtQueryInformationFile |
FileHandle => 0x0000034c FileInformation => PY\xbc\x98\x8a\xa2\xcf\x01PY\xbc\x98\x8a\xa2\xcf\x01\x80^\xd4\x8f\x8a\xa2\xcf\x01PY\xbc\x98\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00TL\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:16,889 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1 |
SUCCESS | 0x00243368 | |
| 09:17:16,889 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW |
SUCCESS | 0x00243368 | |
| 09:17:16,889 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1 |
SUCCESS | 0x00243368 | |
| 09:17:16,889 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp |
SUCCESS | 0x00243368 | |
| 09:17:16,889 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Cookies |
SUCCESS | 0x00243368 | |
| 09:17:16,889 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\Cookies\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x0000034c |
SUCCESS | 0x00000000 | |
| 09:17:16,889 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000348 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:16,889 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1 |
SUCCESS | 0x00243368 | |
| 09:17:16,889 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW |
SUCCESS | 0x00243368 | |
| 09:17:16,889 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1 |
SUCCESS | 0x00243368 | |
| 09:17:16,889 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp |
SUCCESS | 0x00243368 | |
| 09:17:16,889 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\History DesiredAccess => 0x00100001 CreateDisposition => 2 FileHandle => 0x0000034c |
SUCCESS | 0x00000000 | |
| 09:17:16,889 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000348 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:16,889 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1 |
SUCCESS | 0x00243368 | |
| 09:17:16,889 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW |
SUCCESS | 0x00243368 | |
| 09:17:16,889 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1 |
SUCCESS | 0x00243368 | |
| 09:17:16,889 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp |
SUCCESS | 0x00243368 | |
| 09:17:16,889 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\History |
SUCCESS | 0x00243368 | |
| 09:17:16,889 | 1200 | NtCreateFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\History DesiredAccess => 0x00100100 CreateDisposition => 1 FileHandle => 0x00000000 |
FAILURE | 3221225658 | |
| 09:17:16,889 | 1200 | NtCreateFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\History DesiredAccess => 0x00100000 CreateDisposition => 1 FileHandle => 0x0000034c |
SUCCESS | 0x00000000 | |
| 09:17:16,889 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000348 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:16,889 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1 |
SUCCESS | 0x00243368 | |
| 09:17:16,899 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW |
SUCCESS | 0x00243368 | |
| 09:17:16,899 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1 |
SUCCESS | 0x00243368 | |
| 09:17:16,899 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp |
SUCCESS | 0x00243368 | |
| 09:17:16,899 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\History |
SUCCESS | 0x00243368 | |
| 09:17:16,899 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\History\History.IE5\ DesiredAccess => 0x00100001 CreateDisposition => 2 FileHandle => 0x0000034c |
SUCCESS | 0x00000000 | |
| 09:17:16,899 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000348 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:16,899 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1 |
SUCCESS | 0x00243368 | |
| 09:17:16,899 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW |
SUCCESS | 0x00243368 | |
| 09:17:16,899 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1 |
SUCCESS | 0x00243368 | |
| 09:17:16,899 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp |
SUCCESS | 0x00243368 | |
| 09:17:16,899 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\History |
SUCCESS | 0x00243368 | |
| 09:17:16,899 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\History\History.IE5 |
SUCCESS | 0x00243368 | |
| 09:17:16,899 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\History\History.IE5\index.dat DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x0000034c |
SUCCESS | 0x00000000 | |
| 09:17:16,899 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000348 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:16,899 | 1200 | NtQueryInformationFile |
FileHandle => 0x0000034c FileInformation => \xe0\xee\xc0\x98\x8a\xa2\xcf\x01\xe0\xee\xc0\x98\x8a\xa2\xcf\x01\xe0\xee\xc0\x98\x8a\xa2\xcf\x01\xe0\xee\xc0\x98\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00WL\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\xb4\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:16,899 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1 |
SUCCESS | 0x00243368 | |
| 09:17:16,899 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW |
SUCCESS | 0x00243368 | |
| 09:17:16,899 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1 |
SUCCESS | 0x00243368 | |
| 09:17:16,899 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp |
SUCCESS | 0x00243368 | |
| 09:17:16,899 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\History |
SUCCESS | 0x00243368 | |
| 09:17:16,899 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\History\History.IE5 |
SUCCESS | 0x00243368 | |
| 09:17:16,899 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\History\History.IE5\index.dat |
SUCCESS | 0x00243368 | |
| 09:17:16,899 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\History\History.IE5\index.dat DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x0000034c |
SUCCESS | 0x00000000 | |
| 09:17:16,899 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000348 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:16,899 | 1200 | NtQueryInformationFile |
FileHandle => 0x0000034c FileInformation => \xe0\xee\xc0\x98\x8a\xa2\xcf\x01\xe0\xee\xc0\x98\x8a\xa2\xcf\x01\x80^\xd4\x8f\x8a\xa2\xcf\x01\xe0\xee\xc0\x98\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00WL\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\xb4\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:16,899 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1 |
SUCCESS | 0x00243368 | |
| 09:17:16,899 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW |
SUCCESS | 0x00243368 | |
| 09:17:16,899 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1 |
SUCCESS | 0x00243368 | |
| 09:17:16,899 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp |
SUCCESS | 0x00243368 | |
| 09:17:16,899 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 |
SUCCESS | 0x00243368 | |
| 09:17:16,899 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1 |
SUCCESS | 0x00243368 | |
| 09:17:16,899 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW |
SUCCESS | 0x00243368 | |
| 09:17:16,899 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1 |
SUCCESS | 0x00243368 | |
| 09:17:16,899 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp |
SUCCESS | 0x00243368 | |
| 09:17:16,899 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 |
SUCCESS | 0x00243368 | |
| 09:17:16,909 | 1200 | NtCreateFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\ DesiredAccess => 0x00100100 CreateDisposition => 1 FileHandle => 0x00000000 |
FAILURE | 3221225658 | |
| 09:17:16,909 | 1200 | NtCreateFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\ DesiredAccess => 0x00100000 CreateDisposition => 1 FileHandle => 0x0000034c |
SUCCESS | 0x00000000 | |
| 09:17:16,909 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000348 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:16,909 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1 |
SUCCESS | 0x00243368 | |
| 09:17:16,909 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW |
SUCCESS | 0x00243368 | |
| 09:17:16,909 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1 |
SUCCESS | 0x00243368 | |
| 09:17:16,909 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp |
SUCCESS | 0x00243368 | |
| 09:17:16,909 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 |
SUCCESS | 0x00243368 | |
| 09:17:16,909 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\desktop.ini |
SUCCESS | 0x00243368 | |
| 09:17:16,909 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1 |
SUCCESS | 0x00243368 | |
| 09:17:16,909 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW |
SUCCESS | 0x00243368 | |
| 09:17:16,909 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1 |
SUCCESS | 0x00243368 | |
| 09:17:16,909 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp |
SUCCESS | 0x00243368 | |
| 09:17:16,909 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\History |
SUCCESS | 0x00243368 | |
| 09:17:16,909 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\History\History.IE5 |
SUCCESS | 0x00243368 | |
| 09:17:16,909 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1 |
SUCCESS | 0x00243368 | |
| 09:17:16,909 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW |
SUCCESS | 0x00243368 | |
| 09:17:16,909 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1 |
SUCCESS | 0x00243368 | |
| 09:17:16,909 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp |
SUCCESS | 0x00243368 | |
| 09:17:16,909 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\History |
SUCCESS | 0x00243368 | |
| 09:17:16,909 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\History\History.IE5 |
SUCCESS | 0x00243368 | |
| 09:17:16,909 | 1200 | NtCreateFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\History\History.IE5\ DesiredAccess => 0x00100100 CreateDisposition => 1 FileHandle => 0x00000000 |
FAILURE | 3221225658 | |
| 09:17:16,909 | 1200 | NtCreateFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\History\History.IE5\ DesiredAccess => 0x00100000 CreateDisposition => 1 FileHandle => 0x0000034c |
SUCCESS | 0x00000000 | |
| 09:17:16,909 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000348 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:16,909 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1 |
SUCCESS | 0x00243368 | |
| 09:17:16,909 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW |
SUCCESS | 0x00243368 | |
| 09:17:16,909 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1 |
SUCCESS | 0x00243368 | |
| 09:17:16,909 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp |
SUCCESS | 0x00243368 | |
| 09:17:16,909 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\History |
SUCCESS | 0x00243368 | |
| 09:17:16,909 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\History\History.IE5 |
SUCCESS | 0x00243368 | |
| 09:17:16,909 | 1200 | NtCreateFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\History\History.IE5\desktop.ini DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x0000034c |
SUCCESS | 0x00000000 | |
| 09:17:16,909 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000348 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:16,919 | 1200 | NtQueryInformationFile |
FileHandle => 0x0000034c FileInformation => \x10v\xc2\x98\x8a\xa2\xcf\x01\x10v\xc2\x98\x8a\xa2\xcf\x01\x10v\xc2\x98\x8a\xa2\xcf\x01\x10v\xc2\x98\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00XL\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\xb8\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:16,919 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1 |
SUCCESS | 0x00243368 | |
| 09:17:16,919 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW |
SUCCESS | 0x00243368 | |
| 09:17:16,919 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1 |
SUCCESS | 0x00243368 | |
| 09:17:16,919 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp |
SUCCESS | 0x00243368 | |
| 09:17:16,919 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\History |
SUCCESS | 0x00243368 | |
| 09:17:16,919 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\History\History.IE5 |
SUCCESS | 0x00243368 | |
| 09:17:16,919 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\History\History.IE5\desktop.ini |
SUCCESS | 0x00243368 | |
| 09:17:16,919 | 1200 | NtCreateFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\History\History.IE5\desktop.ini DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x0000034c |
SUCCESS | 0x00000000 | |
| 09:17:16,919 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000348 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:16,919 | 1200 | NtQueryInformationFile |
FileHandle => 0x0000034c FileInformation => \x10v\xc2\x98\x8a\xa2\xcf\x01@\xfd\xc3\x98\x8a\xa2\xcf\x01@\xfd\xc3\x98\x8a\xa2\xcf\x01@\xfd\xc3\x98\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00H\x00\x00\x00\x00\x00\x00\x00C\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00XL\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\xb8\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:16,919 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1 |
SUCCESS | 0x00243368 | |
| 09:17:16,919 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW |
SUCCESS | 0x00243368 | |
| 09:17:16,930 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1 |
SUCCESS | 0x00243368 | |
| 09:17:16,930 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp |
SUCCESS | 0x00243368 | |
| 09:17:16,930 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\History |
SUCCESS | 0x00243368 | |
| 09:17:16,930 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\History\History.IE5 |
SUCCESS | 0x00243368 | |
| 09:17:16,930 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\History\History.IE5\desktop.ini |
SUCCESS | 0x00243368 | |
| 09:17:16,930 | 1200 | NtCreateFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\History\History.IE5\desktop.ini DesiredAccess => 0x00100100 CreateDisposition => 1 FileHandle => 0x0000034c |
SUCCESS | 0x00000000 | |
| 09:17:16,930 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000348 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:16,930 | 1200 | NtQueryInformationFile |
FileHandle => 0x0000034c FileInformation => \x00\xe9\x90|`G9\x000O9\x00|\xd8\x90|\xea\x82 |
FAILURE | 3221225506 | |
| 09:17:16,930 | 1200 | NtOpenKey |
DesiredAccess => 15 KeyHandle => 0x00000348 ObjectAttributes => Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache |
SUCCESS | 0x00000000 | |
| 09:17:16,930 | 1200 | NtOpenKey |
DesiredAccess => 15 KeyHandle => 0x00000348 ObjectAttributes => Extensible Cache |
SUCCESS | 0x00000000 | |
| 09:17:16,930 | 1200 | NtOpenKey |
DesiredAccess => 15 KeyHandle => 0x00000348 ObjectAttributes => MSHist012014071820140719 |
SUCCESS | 0x00000000 | |
| 09:17:16,940 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1 |
SUCCESS | 0x00243368 | |
| 09:17:16,940 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW |
SUCCESS | 0x00243368 | |
| 09:17:16,940 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1 |
SUCCESS | 0x00243368 | |
| 09:17:16,940 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp |
SUCCESS | 0x00243368 | |
| 09:17:16,940 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 |
SUCCESS | 0x00243368 | |
| 09:17:16,940 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\index.dat |
SUCCESS | 0x00243368 | |
| 09:17:16,940 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\index.dat DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x0000034c |
SUCCESS | 0x00000000 | |
| 09:17:16,940 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000348 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:16,940 | 1200 | NtQueryInformationFile |
FileHandle => 0x0000034c FileInformation => `\k\x98\x8a\xa2\xcf\x01`\k\x98\x8a\xa2\xcf\x01\xa0\x0b\xc7\x98\x8a\xa2\xcf\x01\xa0\x0b\xc7\x98\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00IL\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\xd6\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:17,010 | 1200 | LdrLoadDll |
Flags => 36240396 BaseAddress => 0x771b0000 FileName => WININET.dll |
SUCCESS | 0x00000000 | |
| 09:17:17,010 | 1200 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => InternetOpenA FunctionAddress => 0x771c578e ModuleHandle => 0x771b0000 |
SUCCESS | 0x00000000 | |
| 09:17:17,010 | 1200 | RegQueryValueExA |
Handle => 0x0000034c DataLength => 4 ValueName => FromCacheTimeout Type => 844 |
FAILURE | 0x00000002 | |
| 09:17:17,010 | 1200 | RegQueryValueExA |
Handle => 0x0000034c DataLength => 4 ValueName => SecureProtocols Type => 844 |
FAILURE | 0x00000002 | |
| 09:17:17,010 | 1200 | RegQueryValueExA |
Handle => 0x0000034c DataLength => 4 ValueName => CertificateRevocation Type => 844 |
FAILURE | 0x00000002 | |
| 09:17:17,010 | 1200 | RegQueryValueExA |
Handle => 0x0000034c DataLength => 4 ValueName => DisableKeepAlive Type => 844 |
FAILURE | 0x00000002 | |
| 09:17:17,010 | 1200 | RegQueryValueExA |
Handle => 0x0000034c DataLength => 4 ValueName => DisablePassport Type => 844 |
FAILURE | 0x00000002 | |
| 09:17:17,010 | 1200 | RegQueryValueExA |
Handle => 0x0000034c DataLength => 4 ValueName => CacheMode Type => 844 |
FAILURE | 0x00000002 | |
| 09:17:17,010 | 1200 | RegOpenKeyExA |
Handle => 0x00000344 Registry => 0x80000002 SubKey => SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings |
SUCCESS | 0x00000000 | |
| 09:17:17,010 | 1200 | RegQueryValueExA |
Handle => 0x00000344 DataLength => 4 ValueName => Security_HKLM_only Type => 836 |
FAILURE | 0x00000002 | |
| 09:17:17,020 | 1200 | RegCloseKey |
Handle => 0x00000344 |
SUCCESS | 0x00000000 | |
| 09:17:17,020 | 1200 | RegOpenKeyExA |
Handle => 0x00000344 Registry => 0x80000002 SubKey => SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings |
SUCCESS | 0x00000000 | |
| 09:17:17,020 | 1200 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000001 SubKey => SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings |
FAILURE | 0x00000002 | |
| 09:17:17,020 | 1200 | RegOpenKeyExA |
Handle => 0x00000350 Registry => 0x80000002 SubKey => SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings |
SUCCESS | 0x00000000 | |
| 09:17:17,020 | 1200 | RegOpenKeyExA |
Handle => 0x00000358 Registry => 0x80000001 SubKey => SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings |
SUCCESS | 0x00000000 | |
| 09:17:17,020 | 1200 | RegQueryValueExA |
Handle => 0x00000344 DataLength => 4 ValueName => EnableHttp1_1 Type => 836 |
FAILURE | 0x00000002 | |
| 09:17:17,020 | 1200 | RegQueryValueExA |
Handle => 0x00000358 Data => 1 ValueName => EnableHttp1_1 |
SUCCESS | 0x00000000 | |
| 09:17:17,020 | 1200 | RegCloseKey |
Handle => 0x00000344 |
SUCCESS | 0x00000000 | |
| 09:17:17,020 | 1200 | RegCloseKey |
Handle => 0x00000000 |
FAILURE | 0x00000006 | |
| 09:17:17,020 | 1200 | RegCloseKey |
Handle => 0x00000350 |
SUCCESS | 0x00000000 | |
| 09:17:17,020 | 1200 | RegCloseKey |
Handle => 0x00000358 |
SUCCESS | 0x00000000 | |
| 09:17:17,020 | 1200 | RegOpenKeyExA |
Handle => 0x00000358 Registry => 0x80000002 SubKey => SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings |
SUCCESS | 0x00000000 | |
| 09:17:17,020 | 1200 | RegQueryValueExA |
Handle => 0x00000358 DataLength => 4 ValueName => Security_HKLM_only Type => 856 |
FAILURE | 0x00000002 | |
| 09:17:17,020 | 1200 | RegCloseKey |
Handle => 0x00000358 |
SUCCESS | 0x00000000 | |
| 09:17:17,020 | 1200 | RegOpenKeyExA |
Handle => 0x00000358 Registry => 0x80000002 SubKey => SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings |
SUCCESS | 0x00000000 | |
| 09:17:17,020 | 1200 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000001 SubKey => SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings |
FAILURE | 0x00000002 | |
| 09:17:17,020 | 1200 | RegOpenKeyExA |
Handle => 0x00000350 Registry => 0x80000002 SubKey => SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings |
SUCCESS | 0x00000000 | |
| 09:17:17,020 | 1200 | RegOpenKeyExA |
Handle => 0x00000344 Registry => 0x80000001 SubKey => SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings |
SUCCESS | 0x00000000 | |
| 09:17:17,020 | 1200 | RegQueryValueExA |
Handle => 0x00000358 DataLength => 4 ValueName => ProxyHttp1.1 Type => 856 |
FAILURE | 0x00000002 | |
| 09:17:17,020 | 1200 | RegQueryValueExA |
Handle => 0x00000344 DataLength => 4 ValueName => ProxyHttp1.1 Type => 836 |
FAILURE | 0x00000002 | |
| 09:17:17,020 | 1200 | RegQueryValueExA |
Handle => 0x00000350 DataLength => 4 ValueName => ProxyHttp1.1 Type => 848 |
FAILURE | 0x00000002 | |
| 09:17:17,020 | 1200 | RegCloseKey |
Handle => 0x00000358 |
SUCCESS | 0x00000000 | |
| 09:17:17,020 | 1200 | RegCloseKey |
Handle => 0x00000000 |
FAILURE | 0x00000006 | |
| 09:17:17,020 | 1200 | RegCloseKey |
Handle => 0x00000350 |
SUCCESS | 0x00000000 | |
| 09:17:17,020 | 1200 | RegCloseKey |
Handle => 0x00000344 |
SUCCESS | 0x00000000 | |
| 09:17:17,020 | 1200 | RegQueryValueExA |
Handle => 0x0000034c Data => 1 ValueName => EnableNegotiate |
SUCCESS | 0x00000000 | |
| 09:17:17,020 | 1200 | RegQueryValueExA |
Handle => 0x0000034c DataLength => 4 ValueName => DisableBasicOverClearChannel Type => 844 |
FAILURE | 0x00000002 | |
| 09:17:17,020 | 1200 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl |
FAILURE | 0x00000002 | |
| 09:17:17,030 | 1200 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl |
FAILURE | 0x00000002 | |
| 09:17:17,030 | 1200 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Microsoft\Internet Explorer\Main\FeatureControl |
FAILURE | 0x00000002 | |
| 09:17:17,030 | 1200 | RegOpenKeyExW |
Handle => 0x00000344 Registry => 0x80000002 SubKey => Software\Microsoft\Internet Explorer\Main\FeatureControl |
SUCCESS | 0x00000000 | |
| 09:17:17,030 | 1200 | RegQueryValueExA |
Handle => 0x00000344 DataLength => 4 ValueName => Feature_ClientAuthCertFilter Type => 836 |
FAILURE | 0x00000002 | |
| 09:17:17,030 | 1200 | RegCloseKey |
Handle => 0x00000344 |
SUCCESS | 0x00000000 | |
| 09:17:17,030 | 1200 | RegQueryValueExA |
Handle => 0x0000034c DataLength => 4 ValueName => SyncMode5 Type => 844 |
FAILURE | 0x00000002 | |
| 09:17:17,030 | 1200 | RegOpenKeyExA |
Handle => 0x00000344 Registry => 0x80000002 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache |
SUCCESS | 0x00000000 | |
| 09:17:17,030 | 1200 | RegQueryValueExA |
Handle => 0x00000344 DataLength => 4 ValueName => FixupKey Type => 836 |
FAILURE | 0x00000002 | |
| 09:17:17,030 | 1200 | RegCloseKey |
Handle => 0x00000344 |
SUCCESS | 0x00000000 | |
| 09:17:17,030 | 1200 | RegOpenKeyExA |
Handle => 0x00000344 Registry => 0x80000002 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache |
SUCCESS | 0x00000000 | |
| 09:17:17,030 | 1200 | RegQueryValueExA |
Handle => 0x00000344 DataLength => 4 ValueName => SessionStartTimeDefaultDeltaSecs Type => 836 |
FAILURE | 0x00000002 | |
| 09:17:17,030 | 1200 | RegCloseKey |
Handle => 0x00000344 |
SUCCESS | 0x00000000 | |
| 09:17:17,030 | 1200 | RegOpenKeyExA |
Handle => 0x00000344 Registry => 0x80000002 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache |
SUCCESS | 0x00000000 | |
| 09:17:17,030 | 1200 | RegOpenKeyExA |
Handle => 0x00000350 Registry => 0x80000002 SubKey => System\Setup |
SUCCESS | 0x00000000 | |
| 09:17:17,030 | 1200 | RegQueryValueExA |
Handle => 0x00000350 Data => 0 ValueName => SystemSetupInProgress |
SUCCESS | 0x00000000 | |
| 09:17:17,030 | 1200 | RegCloseKey |
Handle => 0x00000350 |
SUCCESS | 0x00000000 | |
| 09:17:17,030 | 1200 | RegOpenKeyExA |
Handle => 0x00000350 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders |
SUCCESS | 0x00000000 | |
| 09:17:17,030 | 1200 | RegOpenKeyExA |
Handle => 0x00000358 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache |
SUCCESS | 0x00000000 | |
| 09:17:17,030 | 1200 | RegOpenKeyExA |
Handle => 0x0000035c Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders |
SUCCESS | 0x00000000 | |
| 09:17:17,030 | 1200 | RegOpenKeyExA |
Handle => 0x00000360 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache |
SUCCESS | 0x00000000 | |
| 09:17:17,030 | 1200 | RegQueryValueExA |
Handle => 0x00000360 Data => Client UrlCache MMF Ver 5.2\x00 ValueName => Signature |
SUCCESS | 0x00000000 | |
| 09:17:17,030 | 1200 | RegCloseKey |
Handle => 0x00000360 |
SUCCESS | 0x00000000 | |
| 09:17:17,030 | 1200 | RegOpenKeyExA |
Handle => 0x00000360 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders |
SUCCESS | 0x00000000 | |
| 09:17:17,030 | 1200 | RegQueryValueExA |
Handle => 0x00000360 DataLength => 54 ValueName => Cache Type => 2 |
SUCCESS | 0x00000000 | |
| 09:17:17,030 | 1200 | RegQueryValueExA |
Handle => 0x00000360 DataLength => 22 ValueName => Cookies Type => 2 |
SUCCESS | 0x00000000 | |
| 09:17:17,030 | 1200 | RegQueryValueExA |
Handle => 0x00000360 DataLength => 37 ValueName => History Type => 2 |
SUCCESS | 0x00000000 | |
| 09:17:17,030 | 1200 | RegCloseKey |
Handle => 0x00000360 |
SUCCESS | 0x00000000 | |
| 09:17:17,040 | 1200 | RegOpenKeyExA |
Handle => 0x00000360 Registry => 0x00000358 SubKey => Content |
SUCCESS | 0x00000000 | |
| 09:17:17,040 | 1200 | RegQueryValueExA |
Handle => 0x00000360 DataLength => 4 ValueName => PerUserItem Type => 864 |
FAILURE | 0x00000002 | |
| 09:17:17,040 | 1200 | RegOpenKeyExA |
Handle => 0x00000364 Registry => 0x00000344 SubKey => Content |
SUCCESS | 0x00000000 | |
| 09:17:17,040 | 1200 | RegQueryValueExA |
Handle => 0x00000364 Data => 1 ValueName => PerUserItem |
SUCCESS | 0x00000000 | |
| 09:17:17,040 | 1200 | RegCloseKey |
Handle => 0x00000364 |
SUCCESS | 0x00000000 | |
| 09:17:17,040 | 1200 | RegCloseKey |
Handle => 0x00000360 |
SUCCESS | 0x00000000 | |
| 09:17:17,040 | 1200 | RegOpenKeyExA |
Handle => 0x00000360 Registry => 0x00000358 SubKey => Content |
SUCCESS | 0x00000000 | |
| 09:17:17,040 | 1200 | LdrLoadDll |
Flags => 36238072 BaseAddress => 0x7c9c0000 FileName => shell32.dll |
SUCCESS | 0x00000000 | |
| 09:17:17,040 | 1200 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => SHGetFolderPathA FunctionAddress => 0x7ca2ac11 ModuleHandle => 0x7c9c0000 |
SUCCESS | 0x00000000 | |
| 09:17:17,040 | 1200 | NtOpenFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Local Settings\Temporary Internet Files DesiredAccess => 0x00100100 FileHandle => 0x00000364 |
SUCCESS | 0x00000000 | |
| 09:17:17,040 | 1200 | NtSetInformationFile |
FileHandle => 0x00000364 FileInformation => |
SUCCESS | 0x00000000 | |
| 09:17:17,040 | 1200 | RegQueryValueExA |
Handle => 0x00000360 Data => \x00 ValueName => CachePrefix |
SUCCESS | 0x00000000 | |
| 09:17:17,040 | 1200 | RegQueryValueExA |
Handle => 0x00000360 Data => 327323 ValueName => CacheLimit |
SUCCESS | 0x00000000 | |
| 09:17:17,040 | 1200 | RegOpenKeyExA |
Handle => 0x00000364 Registry => 0x80000002 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache |
SUCCESS | 0x00000000 | |
| 09:17:17,040 | 1200 | RegOpenKeyExA |
Handle => 0x00000368 Registry => 0x00000364 SubKey => Paths |
SUCCESS | 0x00000000 | |
| 09:17:17,040 | 1200 | RegOpenKeyExA |
Handle => 0x0000036c Registry => 0x00000368 SubKey => Path1 |
SUCCESS | 0x00000000 | |
| 09:17:17,040 | 1200 | RegOpenKeyExA |
Handle => 0x00000370 Registry => 0x00000368 SubKey => Path2 |
SUCCESS | 0x00000000 | |
| 09:17:17,040 | 1200 | RegOpenKeyExA |
Handle => 0x00000374 Registry => 0x00000368 SubKey => Path3 |
SUCCESS | 0x00000000 | |
| 09:17:17,040 | 1200 | RegOpenKeyExA |
Handle => 0x00000378 Registry => 0x00000368 SubKey => Path4 |
SUCCESS | 0x00000000 | |
| 09:17:17,040 | 1200 | RegOpenKeyExA |
Handle => 0x0000037c Registry => 0x00000364 SubKey => Special Paths |
SUCCESS | 0x00000000 | |
| 09:17:17,040 | 1200 | RegSetValueExA |
Handle => 0x00000368 Buffer => C:\Documents and Settings\TDW\Local Settings\Temporary Internet Files\Content.IE5\x00 ValueName => Directory Type => 1 |
SUCCESS | 0x00000000 | |
| 09:17:17,040 | 1200 | RegSetValueExA |
Handle => 0x00000368 Buffer => 4 ValueName => Paths Type => 4 |
SUCCESS | 0x00000000 | |
| 09:17:17,050 | 1200 | RegSetValueExA |
Handle => 0x0000036c Buffer => C:\Documents and Settings\TDW\Local Settings\Temporary Internet Files\Content.IE5\Cache1\x00 ValueName => CachePath Type => 1 |
SUCCESS | 0x00000000 | |
| 09:17:17,050 | 1200 | RegSetValueExA |
Handle => 0x00000370 Buffer => C:\Documents and Settings\TDW\Local Settings\Temporary Internet Files\Content.IE5\Cache2\x00 ValueName => CachePath Type => 1 |
SUCCESS | 0x00000000 | |
| 09:17:17,050 | 1200 | RegSetValueExA |
Handle => 0x00000374 Buffer => C:\Documents and Settings\TDW\Local Settings\Temporary Internet Files\Content.IE5\Cache3\x00 ValueName => CachePath Type => 1 |
SUCCESS | 0x00000000 | |
| 09:17:17,050 | 1200 | RegSetValueExA |
Handle => 0x00000378 Buffer => C:\Documents and Settings\TDW\Local Settings\Temporary Internet Files\Content.IE5\Cache4\x00 ValueName => CachePath Type => 1 |
SUCCESS | 0x00000000 | |
| 09:17:17,050 | 1200 | RegSetValueExA |
Handle => 0x0000036c Buffer => 81830 ValueName => CacheLimit Type => 4 |
SUCCESS | 0x00000000 | |
| 09:17:17,050 | 1200 | RegSetValueExA |
Handle => 0x00000370 Buffer => 81830 ValueName => CacheLimit Type => 4 |
SUCCESS | 0x00000000 | |
| 09:17:17,050 | 1200 | RegSetValueExA |
Handle => 0x00000374 Buffer => 81830 ValueName => CacheLimit Type => 4 |
SUCCESS | 0x00000000 | |
| 09:17:17,050 | 1200 | RegSetValueExA |
Handle => 0x00000378 Buffer => 81830 ValueName => CacheLimit Type => 4 |
SUCCESS | 0x00000000 | |
| 09:17:17,050 | 1200 | RegCloseKey |
Handle => 0x00000378 |
SUCCESS | 0x00000000 | |
| 09:17:17,050 | 1200 | RegCloseKey |
Handle => 0x00000374 |
SUCCESS | 0x00000000 | |
| 09:17:17,050 | 1200 | RegCloseKey |
Handle => 0x00000370 |
SUCCESS | 0x00000000 | |
| 09:17:17,050 | 1200 | RegCloseKey |
Handle => 0x0000036c |
SUCCESS | 0x00000000 | |
| 09:17:17,050 | 1200 | RegCloseKey |
Handle => 0x00000368 |
SUCCESS | 0x00000000 | |
| 09:17:17,050 | 1200 | RegCloseKey |
Handle => 0x0000037c |
SUCCESS | 0x00000000 | |
| 09:17:17,050 | 1200 | RegCloseKey |
Handle => 0x00000364 |
SUCCESS | 0x00000000 | |
| 09:17:17,050 | 1200 | RegOpenKeyExA |
Handle => 0x00000364 Registry => 0x00000358 SubKey => Cookies |
SUCCESS | 0x00000000 | |
| 09:17:17,050 | 1200 | RegQueryValueExA |
Handle => 0x00000364 DataLength => 4 ValueName => PerUserItem Type => 868 |
FAILURE | 0x00000002 | |
| 09:17:17,050 | 1200 | RegOpenKeyExA |
Handle => 0x0000037c Registry => 0x00000344 SubKey => Cookies |
SUCCESS | 0x00000000 | |
| 09:17:17,050 | 1200 | RegQueryValueExA |
Handle => 0x0000037c Data => 1 ValueName => PerUserItem |
SUCCESS | 0x00000000 | |
| 09:17:17,050 | 1200 | RegCloseKey |
Handle => 0x0000037c |
SUCCESS | 0x00000000 | |
| 09:17:17,050 | 1200 | RegCloseKey |
Handle => 0x00000364 |
SUCCESS | 0x00000000 | |
| 09:17:17,050 | 1200 | RegCloseKey |
Handle => 0x00000360 |
SUCCESS | 0x00000000 | |
| 09:17:17,050 | 1200 | RegOpenKeyExA |
Handle => 0x00000360 Registry => 0x00000358 SubKey => Cookies |
SUCCESS | 0x00000000 | |
| 09:17:17,060 | 1200 | RegQueryValueExA |
Handle => 0x00000360 Data => Cookie:\x00 ValueName => CachePrefix |
SUCCESS | 0x00000000 | |
| 09:17:17,060 | 1200 | RegQueryValueExA |
Handle => 0x00000360 Data => 8192 ValueName => CacheLimit |
SUCCESS | 0x00000000 | |
| 09:17:17,060 | 1200 | RegOpenKeyExA |
Handle => 0x00000364 Registry => 0x00000358 SubKey => History |
SUCCESS | 0x00000000 | |
| 09:17:17,060 | 1200 | RegQueryValueExA |
Handle => 0x00000364 DataLength => 4 ValueName => PerUserItem Type => 868 |
FAILURE | 0x00000002 | |
| 09:17:17,060 | 1200 | RegOpenKeyExA |
Handle => 0x0000037c Registry => 0x00000344 SubKey => History |
SUCCESS | 0x00000000 | |
| 09:17:17,060 | 1200 | RegQueryValueExA |
Handle => 0x0000037c Data => 1 ValueName => PerUserItem |
SUCCESS | 0x00000000 | |
| 09:17:17,060 | 1200 | RegCloseKey |
Handle => 0x0000037c |
SUCCESS | 0x00000000 | |
| 09:17:17,060 | 1200 | RegCloseKey |
Handle => 0x00000364 |
SUCCESS | 0x00000000 | |
| 09:17:17,060 | 1200 | RegCloseKey |
Handle => 0x00000360 |
SUCCESS | 0x00000000 | |
| 09:17:17,060 | 1200 | RegOpenKeyExA |
Handle => 0x00000360 Registry => 0x00000358 SubKey => History |
SUCCESS | 0x00000000 | |
| 09:17:17,060 | 1200 | RegCreateKeyExW |
Handle => 0x00000364 Access => 33554432 Registry => 0x80000001 Class => SubKey => Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders |
SUCCESS | 0x00000000 | |
| 09:17:17,060 | 1200 | RegQueryValueExW |
Handle => 0x00000364 Data => %\x00U\x00S\x00E\x00R\x00P\x00R\x00O\x00F\x00I\x00L\x00E\x00%\x00\\x00L\x00o\x00c\x00a\x00l\x00 \x00S\x00e\x00t\x00t\x00i\x00n\x00g\x00s\x00\\x00H\x00i\x00s\x00t\x00o\x00r\x00y\x00\x00\x00 ValueName => History |
SUCCESS | 0x00000000 | |
| 09:17:17,060 | 1200 | RegCloseKey |
Handle => 0x00000364 |
SUCCESS | 0x00000000 | |
| 09:17:17,060 | 1200 | RegCreateKeyExW |
Handle => 0x00000364 Access => 33554432 Registry => 0x80000001 Class => SubKey => Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders |
SUCCESS | 0x00000000 | |
| 09:17:17,060 | 1200 | RegSetValueExW |
Handle => 0x00000364 Buffer => C\x00:\x00\\x00D\x00o\x00c\x00u\x00m\x00e\x00n\x00t\x00s\x00 \x00a\x00n\x00d\x00 \x00S\x00e\x00t\x00t\x00i\x00n\x00g\x00s\x00\\x00T\x00D\x00W\x00\\x00L\x00o\x00c\x00a\x00l\x00 \x00S\x00e\x00t\x00t\x00i\x00n\x00g\x00s\x00\\x00H\x00i\x00s\x00t\x00o\x00r\x00y\x00\x00\x00 ValueName => History Type => 1 |
SUCCESS | 0x00000000 | |
| 09:17:17,060 | 1200 | RegCloseKey |
Handle => 0x00000364 |
SUCCESS | 0x00000000 | |
| 09:17:17,060 | 1200 | NtOpenFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Local Settings\History DesiredAccess => 0x00100100 FileHandle => 0x00000364 |
SUCCESS | 0x00000000 | |
| 09:17:17,060 | 1200 | NtSetInformationFile |
FileHandle => 0x00000364 FileInformation => |
SUCCESS | 0x00000000 | |
| 09:17:17,060 | 1200 | RegQueryValueExA |
Handle => 0x00000360 Data => Visited:\x00 ValueName => CachePrefix |
SUCCESS | 0x00000000 | |
| 09:17:17,070 | 1200 | RegQueryValueExA |
Handle => 0x00000360 Data => 8192 ValueName => CacheLimit |
SUCCESS | 0x00000000 | |
| 09:17:17,070 | 1200 | RegCloseKey |
Handle => 0x00000360 |
SUCCESS | 0x00000000 | |
| 09:17:17,070 | 1200 | RegCloseKey |
Handle => 0x0000035c |
SUCCESS | 0x00000000 | |
| 09:17:17,070 | 1200 | RegCloseKey |
Handle => 0x00000350 |
SUCCESS | 0x00000000 | |
| 09:17:17,070 | 1200 | RegCloseKey |
Handle => 0x00000358 |
SUCCESS | 0x00000000 | |
| 09:17:17,070 | 1200 | RegCloseKey |
Handle => 0x00000344 |
SUCCESS | 0x00000000 | |
| 09:17:17,070 | 1200 | NtOpenMutant |
Handle => 0x00000344 MutexName => _!MSFTHISTORY!_ |
SUCCESS | 0x00000000 | |
| 09:17:17,070 | 1200 | NtOpenMutant |
Handle => 0x00000358 MutexName => c:!documents and settings!tdw!local settings!temporary internet files!content.ie5! |
SUCCESS | 0x00000000 | |
| 09:17:17,070 | 1200 | LdrGetDllHandle |
ModuleHandle => 0x7c800000 FileName => KERNEL32 |
SUCCESS | 0x00000000 | |
| 09:17:17,070 | 1200 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => GetDiskFreeSpaceExA FunctionAddress => 0x7c83038b ModuleHandle => 0x7c800000 |
SUCCESS | 0x00000000 | |
| 09:17:17,070 | 1200 | NtOpenFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Local Settings\Temporary Internet Files\Content.IE5\ DesiredAccess => 0x00100001 FileHandle => 0x00000350 |
SUCCESS | 0x00000000 | |
| 09:17:17,070 | 1200 | NtOpenFile |
ShareAccess => 3 FileName => C:\ DesiredAccess => 0x00100001 FileHandle => 0x00000350 |
SUCCESS | 0x00000000 | |
| 09:17:17,070 | 1200 | NtOpenFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Local Settings\Temporary Internet Files\Content.IE5\ DesiredAccess => 0x00100100 FileHandle => 0x00000350 |
SUCCESS | 0x00000000 | |
| 09:17:17,070 | 1200 | NtSetInformationFile |
FileHandle => 0x00000350 FileInformation => |
SUCCESS | 0x00000000 | |
| 09:17:17,070 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Local Settings\Temporary Internet Files\Content.IE5\index.dat DesiredAccess => 0xc0100080 CreateDisposition => 3 FileHandle => 0x00000350 |
SUCCESS | 0x00000000 | |
| 09:17:17,070 | 1200 | NtSetInformationFile |
FileHandle => 0x00000350 FileInformation => |
SUCCESS | 0x00000000 | |
| 09:17:17,080 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000350 FileInformation => \x00\xc0\x03\x00\x00\x00\x00\x00\x00\xc0\x03\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 09:17:17,080 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Local Settings\Temporary Internet Files\Content.IE5\index.dat DesiredAccess => 0xc0100080 CreateDisposition => 3 FileHandle => 0x00000350 |
SUCCESS | 0x00000000 | |
| 09:17:17,080 | 1200 | NtOpenSection |
DesiredAccess => 0x00000002 ObjectAttributes => C:\C:_Documents and Settings_TDW_Local Settings_Temporary Internet Files_Content.IE5_index.dat_245760 SectionHandle => 0x0000035c |
SUCCESS | 0x00000000 | |
| 09:17:17,080 | 1200 | ZwMapViewOfSection |
SectionOffset => 0x0228f924 SectionHandle => 0x0000035c ProcessHandle => 0xffffffff BaseAddress => 0x02100000 |
SUCCESS | 0x00000000 | |
| 09:17:17,080 | 1200 | NtOpenMutant |
Handle => 0x00000360 MutexName => c:!documents and settings!tdw!cookies! |
SUCCESS | 0x00000000 | |
| 09:17:17,080 | 1200 | NtOpenFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Cookies\ DesiredAccess => 0x00100001 FileHandle => 0x00000364 |
SUCCESS | 0x00000000 | |
| 09:17:17,080 | 1200 | NtOpenFile |
ShareAccess => 3 FileName => C:\ DesiredAccess => 0x00100001 FileHandle => 0x00000364 |
SUCCESS | 0x00000000 | |
| 09:17:17,080 | 1200 | NtOpenFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Cookies\ DesiredAccess => 0x00100100 FileHandle => 0x00000364 |
SUCCESS | 0x00000000 | |
| 09:17:17,080 | 1200 | NtSetInformationFile |
FileHandle => 0x00000364 FileInformation => |
SUCCESS | 0x00000000 | |
| 09:17:17,080 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Cookies\index.dat DesiredAccess => 0xc0100080 CreateDisposition => 3 FileHandle => 0x00000364 |
SUCCESS | 0x00000000 | |
| 09:17:17,080 | 1200 | NtSetInformationFile |
FileHandle => 0x00000364 FileInformation => |
SUCCESS | 0x00000000 | |
| 09:17:17,080 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000364 FileInformation => \x00\x80\x00\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 09:17:17,080 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Cookies\index.dat DesiredAccess => 0xc0100080 CreateDisposition => 3 FileHandle => 0x00000364 |
SUCCESS | 0x00000000 | |
| 09:17:17,080 | 1200 | NtOpenSection |
DesiredAccess => 0x00000002 ObjectAttributes => C:\C:_Documents and Settings_TDW_Cookies_index.dat_32768 SectionHandle => 0x0000037c |
SUCCESS | 0x00000000 | |
| 09:17:17,080 | 1200 | ZwMapViewOfSection |
SectionOffset => 0x0228f924 SectionHandle => 0x0000037c ProcessHandle => 0xffffffff BaseAddress => 0x02140000 |
SUCCESS | 0x00000000 | |
| 09:17:17,080 | 1200 | NtOpenMutant |
Handle => 0x00000368 MutexName => c:!documents and settings!tdw!local settings!history!history.ie5! |
SUCCESS | 0x00000000 | |
| 09:17:17,090 | 1200 | NtOpenFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Local Settings\History\History.IE5\ DesiredAccess => 0x00100001 FileHandle => 0x0000036c |
SUCCESS | 0x00000000 | |
| 09:17:17,090 | 1200 | NtOpenFile |
ShareAccess => 3 FileName => C:\ DesiredAccess => 0x00100001 FileHandle => 0x0000036c |
SUCCESS | 0x00000000 | |
| 09:17:17,090 | 1200 | NtOpenFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Local Settings\History\History.IE5\ DesiredAccess => 0x00100100 FileHandle => 0x0000036c |
SUCCESS | 0x00000000 | |
| 09:17:17,090 | 1200 | NtSetInformationFile |
FileHandle => 0x0000036c FileInformation => |
SUCCESS | 0x00000000 | |
| 09:17:17,090 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Local Settings\History\History.IE5\index.dat DesiredAccess => 0xc0100080 CreateDisposition => 3 FileHandle => 0x0000036c |
SUCCESS | 0x00000000 | |
| 09:17:17,090 | 1200 | NtSetInformationFile |
FileHandle => 0x0000036c FileInformation => |
SUCCESS | 0x00000000 | |
| 09:17:17,090 | 1200 | NtQueryInformationFile |
FileHandle => 0x0000036c FileInformation => \x00\x80\x00\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 09:17:17,090 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Local Settings\History\History.IE5\index.dat DesiredAccess => 0xc0100080 CreateDisposition => 3 FileHandle => 0x0000036c |
SUCCESS | 0x00000000 | |
| 09:17:17,090 | 1200 | NtOpenSection |
DesiredAccess => 0x00000002 ObjectAttributes => C:\C:_Documents and Settings_TDW_Local Settings_History_History.IE5_index.dat_32768 SectionHandle => 0x00000370 |
SUCCESS | 0x00000000 | |
| 09:17:17,090 | 1200 | ZwMapViewOfSection |
SectionOffset => 0x0228f924 SectionHandle => 0x00000370 ProcessHandle => 0xffffffff BaseAddress => 0x02150000 |
SUCCESS | 0x00000000 | |
| 09:17:17,090 | 1200 | NtOpenFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Local Settings\Temporary Internet Files\Content.IE5\ DesiredAccess => 0x00100100 FileHandle => 0x00000374 |
SUCCESS | 0x00000000 | |
| 09:17:17,090 | 1200 | NtSetInformationFile |
FileHandle => 0x00000374 FileInformation => |
SUCCESS | 0x00000000 | |
| 09:17:17,090 | 1200 | NtOpenFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Local Settings\History\History.IE5\ DesiredAccess => 0x00100100 FileHandle => 0x00000374 |
SUCCESS | 0x00000000 | |
| 09:17:17,090 | 1200 | NtSetInformationFile |
FileHandle => 0x00000374 FileInformation => |
SUCCESS | 0x00000000 | |
| 09:17:17,090 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000350 FileInformation => \x00\xc0\x03\x00\x00\x00\x00\x00\x00\xc0\x03\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 09:17:17,100 | 1200 | RegOpenKeyExA |
Handle => 0x00000374 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache |
SUCCESS | 0x00000000 | |
| 09:17:17,100 | 1200 | RegOpenKeyExA |
Handle => 0x00000378 Registry => 0x00000374 SubKey => Extensible Cache |
SUCCESS | 0x00000000 | |
| 09:17:17,100 | 1200 | RegCloseKey |
Handle => 0x00000374 |
SUCCESS | 0x00000000 | |
| 09:17:17,100 | 1200 | RegEnumKeyExA |
Index => 0 Handle => 0x00000378 Name => MSHist012014071820140719 Class => |
SUCCESS | 0x00000000 | |
| 09:17:17,100 | 1200 | RegOpenKeyExA |
Handle => 0x00000374 Registry => 0x00000378 SubKey => MSHist012014071820140719 |
SUCCESS | 0x00000000 | |
| 09:17:17,100 | 1200 | RegQueryValueExA |
Handle => 0x00000374 Data => 0 ValueName => CacheRepair |
SUCCESS | 0x00000000 | |
| 09:17:17,100 | 1200 | RegQueryValueExA |
Handle => 0x00000374 Data => %USERPROFILE%\Local Settings\History\History.IE5\MSHist012014071820140719\\x00 ValueName => CachePath |
SUCCESS | 0x00000000 | |
| 09:17:17,100 | 1200 | RegQueryValueExA |
Handle => 0x00000374 Data => :2014071820140719: \x00 ValueName => CachePrefix |
SUCCESS | 0x00000000 | |
| 09:17:17,100 | 1200 | RegQueryValueExA |
Handle => 0x00000374 Data => 8192 ValueName => CacheLimit |
SUCCESS | 0x00000000 | |
| 09:17:17,100 | 1200 | RegQueryValueExA |
Handle => 0x00000374 Data => 11 ValueName => CacheOptions |
SUCCESS | 0x00000000 | |
| 09:17:17,100 | 1200 | RegCloseKey |
Handle => 0x00000374 |
SUCCESS | 0x00000000 | |
| 09:17:17,100 | 1200 | RegEnumKeyExA |
Index => 1 Handle => 0x00000378 Name => MSHist012014071820140719 Class => |
FAILURE | 0x00000103 | |
| 09:17:17,100 | 1200 | RegCloseKey |
Handle => 0x00000378 |
SUCCESS | 0x00000000 | |
| 09:17:17,100 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000350 FileInformation => \x00\xc0\x03\x00\x00\x00\x00\x00\x00\xc0\x03\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | 1 time |
| 09:17:17,100 | 1200 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000001 SubKey => SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings |
FAILURE | 0x00000002 | |
| 09:17:17,100 | 1200 | RegOpenKeyExW |
Handle => 0x00000378 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings |
SUCCESS | 0x00000000 | |
| 09:17:17,100 | 1200 | RegQueryValueExW |
Handle => 0x00000378 DataLength => 4 ValueName => Security_HKLM_only Type => 36239644 |
FAILURE | 0x00000002 | |
| 09:17:17,100 | 1200 | RegCloseKey |
Handle => 0x00000378 |
SUCCESS | 0x00000000 | |
| 09:17:17,100 | 1200 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl |
FAILURE | 0x00000002 | |
| 09:17:17,100 | 1200 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl |
FAILURE | 0x00000002 | |
| 09:17:17,100 | 1200 | RegOpenKeyExW |
Handle => 0x00000378 Registry => 0x80000002 SubKey => Software\Microsoft\Internet Explorer\Main\FeatureControl |
SUCCESS | 0x00000000 | |
| 09:17:17,100 | 1200 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Microsoft\Internet Explorer\Main\FeatureControl |
FAILURE | 0x00000002 | |
| 09:17:17,100 | 1200 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x00000378 SubKey => FEATURE_AUTOPROXY_CACHE_ANAME_KB921400 |
FAILURE | 0x00000002 | |
| 09:17:17,100 | 1200 | RegCloseKey |
Handle => 0x00000000 |
FAILURE | 0x00000006 | 1 time |
| 09:17:17,100 | 1200 | RegCloseKey |
Handle => 0x00000378 |
SUCCESS | 0x00000000 | |
| 09:17:17,100 | 1200 | RegCloseKey |
Handle => 0x00000000 |
FAILURE | 0x00000006 | |
| 09:17:17,100 | 1200 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000001 SubKey => SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings |
FAILURE | 0x00000002 | 2 times |
| 09:17:17,100 | 1200 | RegOpenKeyExW |
Handle => 0x00000378 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings |
SUCCESS | 0x00000000 | |
| 09:17:17,100 | 1200 | RegQueryValueExW |
Handle => 0x00000378 DataLength => 4 ValueName => Security_HKLM_only Type => 36239644 |
FAILURE | 0x00000002 | |
| 09:17:17,100 | 1200 | RegCloseKey |
Handle => 0x00000378 |
SUCCESS | 0x00000000 | |
| 09:17:17,100 | 1200 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl |
FAILURE | 0x00000002 | |
| 09:17:17,100 | 1200 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl |
FAILURE | 0x00000002 | |
| 09:17:17,100 | 1200 | RegOpenKeyExW |
Handle => 0x00000378 Registry => 0x80000002 SubKey => Software\Microsoft\Internet Explorer\Main\FeatureControl |
SUCCESS | 0x00000000 | |
| 09:17:17,100 | 1200 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Microsoft\Internet Explorer\Main\FeatureControl |
FAILURE | 0x00000002 | |
| 09:17:17,100 | 1200 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x00000378 SubKey => FEATURE_TEMPORARYFILES_FOR_NOCACHE_840387 |
FAILURE | 0x00000002 | |
| 09:17:17,100 | 1200 | RegCloseKey |
Handle => 0x00000000 |
FAILURE | 0x00000006 | 1 time |
| 09:17:17,100 | 1200 | RegCloseKey |
Handle => 0x00000378 |
SUCCESS | 0x00000000 | |
| 09:17:17,100 | 1200 | RegCloseKey |
Handle => 0x00000000 |
FAILURE | 0x00000006 | |
| 09:17:17,100 | 1200 | RegOpenKeyExW |
Handle => 0x00000378 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings |
SUCCESS | 0x00000000 | |
| 09:17:17,100 | 1200 | RegQueryValueExW |
Handle => 0x00000378 DataLength => 4 ValueName => Security_HKLM_only Type => 36239644 |
FAILURE | 0x00000002 | |
| 09:17:17,100 | 1200 | RegCloseKey |
Handle => 0x00000378 |
SUCCESS | 0x00000000 | |
| 09:17:17,100 | 1200 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl |
FAILURE | 0x00000002 | |
| 09:17:17,100 | 1200 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl |
FAILURE | 0x00000002 | |
| 09:17:17,100 | 1200 | RegOpenKeyExW |
Handle => 0x00000378 Registry => 0x80000002 SubKey => Software\Microsoft\Internet Explorer\Main\FeatureControl |
SUCCESS | 0x00000000 | |
| 09:17:17,100 | 1200 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Microsoft\Internet Explorer\Main\FeatureControl |
FAILURE | 0x00000002 | |
| 09:17:17,100 | 1200 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x00000378 SubKey => FEATURE_TEMPORARYFILES_FOR_NOCACHE_840386 |
FAILURE | 0x00000002 | |
| 09:17:17,100 | 1200 | RegCloseKey |
Handle => 0x00000000 |
FAILURE | 0x00000006 | 1 time |
| 09:17:17,100 | 1200 | RegCloseKey |
Handle => 0x00000378 |
SUCCESS | 0x00000000 | |
| 09:17:17,100 | 1200 | RegCloseKey |
Handle => 0x00000000 |
FAILURE | 0x00000006 | |
| 09:17:17,100 | 1200 | RegOpenKeyExW |
Handle => 0x00000378 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings |
SUCCESS | 0x00000000 | |
| 09:17:17,100 | 1200 | RegQueryValueExW |
Handle => 0x00000378 DataLength => 4 ValueName => Security_HKLM_only Type => 36239640 |
FAILURE | 0x00000002 | |
| 09:17:17,100 | 1200 | RegCloseKey |
Handle => 0x00000378 |
SUCCESS | 0x00000000 | |
| 09:17:17,100 | 1200 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl |
FAILURE | 0x00000002 | |
| 09:17:17,100 | 1200 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl |
FAILURE | 0x00000002 | |
| 09:17:17,100 | 1200 | RegOpenKeyExW |
Handle => 0x00000378 Registry => 0x80000002 SubKey => Software\Microsoft\Internet Explorer\Main\FeatureControl |
SUCCESS | 0x00000000 | |
| 09:17:17,100 | 1200 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Microsoft\Internet Explorer\Main\FeatureControl |
FAILURE | 0x00000002 | |
| 09:17:17,100 | 1200 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x00000378 SubKey => RETRY_HEADERONLYPOST_ONCONNECTIONRESET |
FAILURE | 0x00000002 | |
| 09:17:17,100 | 1200 | RegCloseKey |
Handle => 0x00000000 |
FAILURE | 0x00000006 | 1 time |
| 09:17:17,100 | 1200 | RegCloseKey |
Handle => 0x00000378 |
SUCCESS | 0x00000000 | |
| 09:17:17,100 | 1200 | RegCloseKey |
Handle => 0x00000000 |
FAILURE | 0x00000006 | |
| 09:17:17,100 | 1200 | RegOpenKeyExW |
Handle => 0x00000378 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings |
SUCCESS | 0x00000000 | |
| 09:17:17,100 | 1200 | RegQueryValueExW |
Handle => 0x00000378 DataLength => 4 ValueName => Security_HKLM_only Type => 36239644 |
FAILURE | 0x00000002 | |
| 09:17:17,100 | 1200 | RegCloseKey |
Handle => 0x00000378 |
SUCCESS | 0x00000000 | |
| 09:17:17,100 | 1200 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl |
FAILURE | 0x00000002 | |
| 09:17:17,100 | 1200 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl |
FAILURE | 0x00000002 | |
| 09:17:17,100 | 1200 | RegOpenKeyExW |
Handle => 0x00000378 Registry => 0x80000002 SubKey => Software\Microsoft\Internet Explorer\Main\FeatureControl |
SUCCESS | 0x00000000 | |
| 09:17:17,100 | 1200 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Microsoft\Internet Explorer\Main\FeatureControl |
FAILURE | 0x00000002 | |
| 09:17:17,100 | 1200 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x00000378 SubKey => FEATURE_CHUNK_TIMEOUT_KB914453 |
FAILURE | 0x00000002 | |
| 09:17:17,100 | 1200 | RegCloseKey |
Handle => 0x00000000 |
FAILURE | 0x00000006 | 1 time |
| 09:17:17,110 | 1200 | RegCloseKey |
Handle => 0x00000378 |
SUCCESS | 0x00000000 | |
| 09:17:17,110 | 1200 | RegCloseKey |
Handle => 0x00000000 |
FAILURE | 0x00000006 | |
| 09:17:17,110 | 1200 | RegOpenKeyExW |
Handle => 0x00000378 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings |
SUCCESS | 0x00000000 | |
| 09:17:17,110 | 1200 | RegQueryValueExW |
Handle => 0x00000378 DataLength => 4 ValueName => Security_HKLM_only Type => 36239644 |
FAILURE | 0x00000002 | |
| 09:17:17,110 | 1200 | RegCloseKey |
Handle => 0x00000378 |
SUCCESS | 0x00000000 | |
| 09:17:17,110 | 1200 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl |
FAILURE | 0x00000002 | |
| 09:17:17,110 | 1200 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl |
FAILURE | 0x00000002 | |
| 09:17:17,110 | 1200 | RegOpenKeyExW |
Handle => 0x00000378 Registry => 0x80000002 SubKey => Software\Microsoft\Internet Explorer\Main\FeatureControl |
SUCCESS | 0x00000000 | |
| 09:17:17,110 | 1200 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Microsoft\Internet Explorer\Main\FeatureControl |
FAILURE | 0x00000002 | |
| 09:17:17,110 | 1200 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x00000378 SubKey => FEATURE_CERT_TRUST_VERIFIED_KB936882 |
FAILURE | 0x00000002 | |
| 09:17:17,110 | 1200 | RegCloseKey |
Handle => 0x00000000 |
FAILURE | 0x00000006 | 1 time |
| 09:17:17,110 | 1200 | RegCloseKey |
Handle => 0x00000378 |
SUCCESS | 0x00000000 | |
| 09:17:17,110 | 1200 | RegCloseKey |
Handle => 0x00000000 |
FAILURE | 0x00000006 | |
| 09:17:17,110 | 1200 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000001 SubKey => SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings |
FAILURE | 0x00000002 | |
| 09:17:17,110 | 1200 | RegOpenKeyExA |
Handle => 0x00000378 Registry => 0x80000002 SubKey => SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings |
SUCCESS | 0x00000000 | |
| 09:17:17,110 | 1200 | RegQueryValueExA |
Handle => 0x00000378 DataLength => 4 ValueName => DisableWorkerThreadHibernation Type => 888 |
FAILURE | 0x00000002 | |
| 09:17:17,110 | 1200 | RegCloseKey |
Handle => 0x00000378 |
SUCCESS | 0x00000000 | |
| 09:17:17,110 | 1200 | RegQueryValueExA |
Handle => 0x0000034c DataLength => 4 ValueName => DisableWorkerThreadHibernation Type => 844 |
FAILURE | 0x00000002 | |
| 09:17:17,110 | 1200 | RegQueryValueExA |
Handle => 0x0000034c DataLength => 4 ValueName => DisableReadRange Type => 844 |
FAILURE | 0x00000002 | |
| 09:17:17,110 | 1200 | RegQueryValueExA |
Handle => 0x0000034c DataLength => 4 ValueName => SocketSendBufferLength Type => 844 |
FAILURE | 0x00000002 | |
| 09:17:17,110 | 1200 | RegQueryValueExA |
Handle => 0x0000034c DataLength => 4 ValueName => SocketReceiveBufferLength Type => 844 |
FAILURE | 0x00000002 | |
| 09:17:17,110 | 1200 | RegQueryValueExA |
Handle => 0x0000034c DataLength => 4 ValueName => KeepAliveTimeout Type => 844 |
FAILURE | 0x00000002 | |
| 09:17:17,110 | 1200 | RegQueryValueExA |
Handle => 0x0000034c DataLength => 4 ValueName => MaxHttpRedirects Type => 844 |
FAILURE | 0x00000002 | |
| 09:17:17,110 | 1200 | RegQueryValueExA |
Handle => 0x0000034c DataLength => 4 ValueName => MaxConnectionsPerServer Type => 844 |
FAILURE | 0x00000002 | |
| 09:17:17,110 | 1200 | RegQueryValueExA |
Handle => 0x0000034c DataLength => 4 ValueName => MaxConnectionsPer1_0Server Type => 844 |
FAILURE | 0x00000002 | |
| 09:17:17,110 | 1200 | RegQueryValueExA |
Handle => 0x0000034c DataLength => 4 ValueName => ServerInfoTimeout Type => 844 |
FAILURE | 0x00000002 | |
| 09:17:17,110 | 1200 | RegQueryValueExA |
Handle => 0x0000034c DataLength => 4 ValueName => ReceiveTimeOut Type => 844 |
FAILURE | 0x00000002 | |
| 09:17:17,110 | 1200 | RegQueryValueExA |
Handle => 0x0000034c DataLength => 4 ValueName => DisableNTLMPreAuth Type => 844 |
FAILURE | 0x00000002 | |
| 09:17:17,110 | 1200 | RegQueryValueExA |
Handle => 0x0000034c DataLength => 4 ValueName => ScavengeCacheLowerBound Type => 844 |
FAILURE | 0x00000002 | |
| 09:17:17,110 | 1200 | RegQueryValueExA |
Handle => 0x0000034c DataLength => 4 ValueName => CertCacheNoValidate Type => 844 |
FAILURE | 0x00000002 | |
| 09:17:17,110 | 1200 | RegOpenKeyExA |
Handle => 0x00000378 Registry => 0x80000001 SubKey => SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache |
SUCCESS | 0x00000000 | |
| 09:17:17,110 | 1200 | RegQueryValueExA |
Handle => 0x00000378 DataLength => 4 ValueName => ScavengeCacheFileLifeTime Type => 888 |
FAILURE | 0x00000002 | |
| 09:17:17,110 | 1200 | RegCloseKey |
Handle => 0x00000378 |
SUCCESS | 0x00000000 | |
| 09:17:17,110 | 1200 | RegOpenKeyExA |
Handle => 0x00000378 Registry => 0x80000002 SubKey => SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings |
SUCCESS | 0x00000000 | |
| 09:17:17,110 | 1200 | RegQueryValueExA |
Handle => 0x00000378 DataLength => 4 ValueName => Security_HKLM_only Type => 888 |
FAILURE | 0x00000002 | |
| 09:17:17,110 | 1200 | RegCloseKey |
Handle => 0x00000378 |
SUCCESS | 0x00000000 | |
| 09:17:17,110 | 1200 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000002 SubKey => SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache |
FAILURE | 0x00000002 | |
| 09:17:17,110 | 1200 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000001 SubKey => SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache |
FAILURE | 0x00000002 | |
| 09:17:17,110 | 1200 | RegOpenKeyExA |
Handle => 0x00000378 Registry => 0x80000002 SubKey => SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache |
SUCCESS | 0x00000000 | |
| 09:17:17,110 | 1200 | RegOpenKeyExA |
Handle => 0x00000374 Registry => 0x80000001 SubKey => SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache |
SUCCESS | 0x00000000 | |
| 09:17:17,110 | 1200 | RegQueryValueExA |
Handle => 0x00000374 DataLength => 4 ValueName => ScavengeCacheFileLimit Type => 884 |
FAILURE | 0x00000002 | |
| 09:17:17,110 | 1200 | RegQueryValueExA |
Handle => 0x00000378 DataLength => 4 ValueName => ScavengeCacheFileLimit Type => 888 |
FAILURE | 0x00000002 | |
| 09:17:17,110 | 1200 | RegCloseKey |
Handle => 0x00000000 |
FAILURE | 0x00000006 | 1 time |
| 09:17:17,110 | 1200 | RegCloseKey |
Handle => 0x00000378 |
SUCCESS | 0x00000000 | |
| 09:17:17,110 | 1200 | RegCloseKey |
Handle => 0x00000374 |
SUCCESS | 0x00000000 | |
| 09:17:17,110 | 1200 | RegOpenKeyExW |
Handle => 0x00000374 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings |
SUCCESS | 0x00000000 | |
| 09:17:17,110 | 1200 | RegQueryValueExW |
Handle => 0x00000374 DataLength => 4 ValueName => Security_HKLM_only Type => 36239644 |
FAILURE | 0x00000002 | |
| 09:17:17,110 | 1200 | RegCloseKey |
Handle => 0x00000374 |
SUCCESS | 0x00000000 | |
| 09:17:17,110 | 1200 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl |
FAILURE | 0x00000002 | |
| 09:17:17,110 | 1200 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl |
FAILURE | 0x00000002 | |
| 09:17:17,110 | 1200 | RegOpenKeyExW |
Handle => 0x00000374 Registry => 0x80000002 SubKey => Software\Microsoft\Internet Explorer\Main\FeatureControl |
SUCCESS | 0x00000000 | |
| 09:17:17,110 | 1200 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Microsoft\Internet Explorer\Main\FeatureControl |
FAILURE | 0x00000002 | |
| 09:17:17,110 | 1200 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x00000374 SubKey => FEATURE_BUFFERBREAKING_818408 |
FAILURE | 0x00000002 | |
| 09:17:17,110 | 1200 | RegCloseKey |
Handle => 0x00000000 |
FAILURE | 0x00000006 | 1 time |
| 09:17:17,110 | 1200 | RegCloseKey |
Handle => 0x00000374 |
SUCCESS | 0x00000000 | |
| 09:17:17,110 | 1200 | RegCloseKey |
Handle => 0x00000000 |
FAILURE | 0x00000006 | |
| 09:17:17,110 | 1200 | RegOpenKeyExW |
Handle => 0x00000374 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings |
SUCCESS | 0x00000000 | |
| 09:17:17,110 | 1200 | RegQueryValueExW |
Handle => 0x00000374 DataLength => 4 ValueName => Security_HKLM_only Type => 36239644 |
FAILURE | 0x00000002 | |
| 09:17:17,110 | 1200 | RegCloseKey |
Handle => 0x00000374 |
SUCCESS | 0x00000000 | |
| 09:17:17,110 | 1200 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl |
FAILURE | 0x00000002 | |
| 09:17:17,110 | 1200 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl |
FAILURE | 0x00000002 | |
| 09:17:17,110 | 1200 | RegOpenKeyExW |
Handle => 0x00000374 Registry => 0x80000002 SubKey => Software\Microsoft\Internet Explorer\Main\FeatureControl |
SUCCESS | 0x00000000 | |
| 09:17:17,110 | 1200 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Microsoft\Internet Explorer\Main\FeatureControl |
FAILURE | 0x00000002 | |
| 09:17:17,110 | 1200 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x00000374 SubKey => FEATURE_SKIP_POST_RETRY_ON_INTERNETWRITEFILE_KB895954 |
FAILURE | 0x00000002 | |
| 09:17:17,110 | 1200 | RegCloseKey |
Handle => 0x00000000 |
FAILURE | 0x00000006 | 1 time |
| 09:17:17,110 | 1200 | RegCloseKey |
Handle => 0x00000374 |
SUCCESS | 0x00000000 | |
| 09:17:17,110 | 1200 | RegCloseKey |
Handle => 0x00000000 |
FAILURE | 0x00000006 | |
| 09:17:17,110 | 1200 | RegOpenKeyExW |
Handle => 0x00000374 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings |
SUCCESS | 0x00000000 | |
| 09:17:17,110 | 1200 | RegQueryValueExW |
Handle => 0x00000374 DataLength => 4 ValueName => Security_HKLM_only Type => 36239644 |
FAILURE | 0x00000002 | |
| 09:17:17,110 | 1200 | RegCloseKey |
Handle => 0x00000374 |
SUCCESS | 0x00000000 | |
| 09:17:17,110 | 1200 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl |
FAILURE | 0x00000002 | |
| 09:17:17,110 | 1200 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl |
FAILURE | 0x00000002 | |
| 09:17:17,110 | 1200 | RegOpenKeyExW |
Handle => 0x00000374 Registry => 0x80000002 SubKey => Software\Microsoft\Internet Explorer\Main\FeatureControl |
SUCCESS | 0x00000000 | |
| 09:17:17,110 | 1200 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Microsoft\Internet Explorer\Main\FeatureControl |
FAILURE | 0x00000002 | |
| 09:17:17,110 | 1200 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x00000374 SubKey => FEATURE_ENSURE_FQDN_FOR_NEGOTIATE_KB899417 |
FAILURE | 0x00000002 | |
| 09:17:17,110 | 1200 | RegCloseKey |
Handle => 0x00000000 |
FAILURE | 0x00000006 | 1 time |
| 09:17:17,110 | 1200 | RegCloseKey |
Handle => 0x00000374 |
SUCCESS | 0x00000000 | |
| 09:17:17,110 | 1200 | RegCloseKey |
Handle => 0x00000000 |
FAILURE | 0x00000006 | |
| 09:17:17,110 | 1200 | RegOpenKeyExW |
Handle => 0x00000374 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings |
SUCCESS | 0x00000000 | |
| 09:17:17,110 | 1200 | RegQueryValueExW |
Handle => 0x00000374 DataLength => 4 ValueName => Security_HKLM_only Type => 36239644 |
FAILURE | 0x00000002 | |
| 09:17:17,110 | 1200 | RegCloseKey |
Handle => 0x00000374 |
SUCCESS | 0x00000000 | |
| 09:17:17,110 | 1200 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl |
FAILURE | 0x00000002 | |
| 09:17:17,110 | 1200 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl |
FAILURE | 0x00000002 | |
| 09:17:17,110 | 1200 | RegOpenKeyExW |
Handle => 0x00000374 Registry => 0x80000002 SubKey => Software\Microsoft\Internet Explorer\Main\FeatureControl |
SUCCESS | 0x00000000 | |
| 09:17:17,110 | 1200 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Microsoft\Internet Explorer\Main\FeatureControl |
FAILURE | 0x00000002 | |
| 09:17:17,110 | 1200 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x00000374 SubKey => FEATURE_HTTP_DISABLE_NTLM_PREAUTH_IF_ABORTED_KB902409 |
FAILURE | 0x00000002 | |
| 09:17:17,110 | 1200 | RegCloseKey |
Handle => 0x00000000 |
FAILURE | 0x00000006 | 1 time |
| 09:17:17,110 | 1200 | RegCloseKey |
Handle => 0x00000374 |
SUCCESS | 0x00000000 | |
| 09:17:17,110 | 1200 | RegCloseKey |
Handle => 0x00000000 |
FAILURE | 0x00000006 | |
| 09:17:17,110 | 1200 | RegOpenKeyExW |
Handle => 0x00000374 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings |
SUCCESS | 0x00000000 | |
| 09:17:17,110 | 1200 | RegQueryValueExW |
Handle => 0x00000374 DataLength => 4 ValueName => Security_HKLM_only Type => 36239644 |
FAILURE | 0x00000002 | |
| 09:17:17,110 | 1200 | RegCloseKey |
Handle => 0x00000374 |
SUCCESS | 0x00000000 | |
| 09:17:17,110 | 1200 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl |
FAILURE | 0x00000002 | |
| 09:17:17,110 | 1200 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl |
FAILURE | 0x00000002 | |
| 09:17:17,110 | 1200 | RegOpenKeyExW |
Handle => 0x00000374 Registry => 0x80000002 SubKey => Software\Microsoft\Internet Explorer\Main\FeatureControl |
SUCCESS | 0x00000000 | |
| 09:17:17,110 | 1200 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Microsoft\Internet Explorer\Main\FeatureControl |
FAILURE | 0x00000002 | |
| 09:17:17,110 | 1200 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x00000374 SubKey => FEATURE_PERMIT_CACHE_FOR_AUTHENTICATED_FTP_KB910274 |
FAILURE | 0x00000002 | |
| 09:17:17,110 | 1200 | RegCloseKey |
Handle => 0x00000000 |
FAILURE | 0x00000006 | 1 time |
| 09:17:17,110 | 1200 | RegCloseKey |
Handle => 0x00000374 |
SUCCESS | 0x00000000 | |
| 09:17:17,110 | 1200 | RegCloseKey |
Handle => 0x00000000 |
FAILURE | 0x00000006 | |
| 09:17:17,110 | 1200 | RegOpenKeyExW |
Handle => 0x00000374 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings |
SUCCESS | 0x00000000 | |
| 09:17:17,110 | 1200 | RegQueryValueExW |
Handle => 0x00000374 DataLength => 4 ValueName => Security_HKLM_only Type => 36239644 |
FAILURE | 0x00000002 | |
| 09:17:17,110 | 1200 | RegCloseKey |
Handle => 0x00000374 |
SUCCESS | 0x00000000 | |
| 09:17:17,110 | 1200 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl |
FAILURE | 0x00000002 | |
| 09:17:17,110 | 1200 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl |
FAILURE | 0x00000002 | |
| 09:17:17,110 | 1200 | RegOpenKeyExW |
Handle => 0x00000374 Registry => 0x80000002 SubKey => Software\Microsoft\Internet Explorer\Main\FeatureControl |
SUCCESS | 0x00000000 | |
| 09:17:17,110 | 1200 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Microsoft\Internet Explorer\Main\FeatureControl |
FAILURE | 0x00000002 | |
| 09:17:17,110 | 1200 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x00000374 SubKey => FEATURE_WPAD_STORE_URL_AS_FQDN_KB903926 |
FAILURE | 0x00000002 | |
| 09:17:17,110 | 1200 | RegCloseKey |
Handle => 0x00000000 |
FAILURE | 0x00000006 | 1 time |
| 09:17:17,110 | 1200 | RegCloseKey |
Handle => 0x00000374 |
SUCCESS | 0x00000000 | |
| 09:17:17,110 | 1200 | RegCloseKey |
Handle => 0x00000000 |
FAILURE | 0x00000006 | |
| 09:17:17,110 | 1200 | RegOpenKeyExW |
Handle => 0x00000374 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings |
SUCCESS | 0x00000000 | |
| 09:17:17,110 | 1200 | RegQueryValueExW |
Handle => 0x00000374 DataLength => 4 ValueName => Security_HKLM_only Type => 36239644 |
FAILURE | 0x00000002 | |
| 09:17:17,110 | 1200 | RegCloseKey |
Handle => 0x00000374 |
SUCCESS | 0x00000000 | |
| 09:17:17,110 | 1200 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl |
FAILURE | 0x00000002 | |
| 09:17:17,110 | 1200 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl |
FAILURE | 0x00000002 | |
| 09:17:17,110 | 1200 | RegOpenKeyExW |
Handle => 0x00000374 Registry => 0x80000002 SubKey => Software\Microsoft\Internet Explorer\Main\FeatureControl |
SUCCESS | 0x00000000 | |
| 09:17:17,110 | 1200 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Microsoft\Internet Explorer\Main\FeatureControl |
FAILURE | 0x00000002 | |
| 09:17:17,110 | 1200 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x00000374 SubKey => FEATURE_USE_CNAME_FOR_SPN_KB911149 |
FAILURE | 0x00000002 | |
| 09:17:17,110 | 1200 | RegCloseKey |
Handle => 0x00000000 |
FAILURE | 0x00000006 | 1 time |
| 09:17:17,110 | 1200 | RegCloseKey |
Handle => 0x00000374 |
SUCCESS | 0x00000000 | |
| 09:17:17,110 | 1200 | RegCloseKey |
Handle => 0x00000000 |
FAILURE | 0x00000006 | |
| 09:17:17,110 | 1200 | RegOpenKeyExW |
Handle => 0x00000374 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings |
SUCCESS | 0x00000000 | |
| 09:17:17,110 | 1200 | RegQueryValueExW |
Handle => 0x00000374 DataLength => 4 ValueName => Security_HKLM_only Type => 36239644 |
FAILURE | 0x00000002 | |
| 09:17:17,110 | 1200 | RegCloseKey |
Handle => 0x00000374 |
SUCCESS | 0x00000000 | |
| 09:17:17,110 | 1200 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl |
FAILURE | 0x00000002 | |
| 09:17:17,110 | 1200 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl |
FAILURE | 0x00000002 | |
| 09:17:17,110 | 1200 | RegOpenKeyExW |
Handle => 0x00000374 Registry => 0x80000002 SubKey => Software\Microsoft\Internet Explorer\Main\FeatureControl |
SUCCESS | 0x00000000 | |
| 09:17:17,110 | 1200 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Microsoft\Internet Explorer\Main\FeatureControl |
FAILURE | 0x00000002 | |
| 09:17:17,110 | 1200 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x00000374 SubKey => FEATURE_KEEP_CACHE_INDEX_OPEN_KB899342 |
FAILURE | 0x00000002 | |
| 09:17:17,110 | 1200 | RegCloseKey |
Handle => 0x00000000 |
FAILURE | 0x00000006 | 1 time |
| 09:17:17,110 | 1200 | RegCloseKey |
Handle => 0x00000374 |
SUCCESS | 0x00000000 | |
| 09:17:17,110 | 1200 | RegCloseKey |
Handle => 0x00000000 |
FAILURE | 0x00000006 | |
| 09:17:17,110 | 1200 | RegOpenKeyExW |
Handle => 0x00000374 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings |
SUCCESS | 0x00000000 | |
| 09:17:17,110 | 1200 | RegQueryValueExW |
Handle => 0x00000374 DataLength => 4 ValueName => Security_HKLM_only Type => 36239644 |
FAILURE | 0x00000002 | |
| 09:17:17,110 | 1200 | RegCloseKey |
Handle => 0x00000374 |
SUCCESS | 0x00000000 | |
| 09:17:17,110 | 1200 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl |
FAILURE | 0x00000002 | |
| 09:17:17,110 | 1200 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl |
FAILURE | 0x00000002 | |
| 09:17:17,110 | 1200 | RegOpenKeyExW |
Handle => 0x00000374 Registry => 0x80000002 SubKey => Software\Microsoft\Internet Explorer\Main\FeatureControl |
SUCCESS | 0x00000000 | |
| 09:17:17,110 | 1200 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Microsoft\Internet Explorer\Main\FeatureControl |
FAILURE | 0x00000002 | |
| 09:17:17,110 | 1200 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x00000374 SubKey => FEATURE_WAIT_TIME_THREAD_TERMINATE_KB886801 |
FAILURE | 0x00000002 | |
| 09:17:17,120 | 1200 | RegCloseKey |
Handle => 0x00000000 |
FAILURE | 0x00000006 | 1 time |
| 09:17:17,120 | 1200 | RegCloseKey |
Handle => 0x00000374 |
SUCCESS | 0x00000000 | |
| 09:17:17,120 | 1200 | RegCloseKey |
Handle => 0x00000000 |
FAILURE | 0x00000006 | |
| 09:17:17,120 | 1200 | RegOpenKeyExW |
Handle => 0x00000374 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings |
SUCCESS | 0x00000000 | |
| 09:17:17,120 | 1200 | RegQueryValueExW |
Handle => 0x00000374 DataLength => 4 ValueName => Security_HKLM_only Type => 36239644 |
FAILURE | 0x00000002 | |
| 09:17:17,120 | 1200 | RegCloseKey |
Handle => 0x00000374 |
SUCCESS | 0x00000000 | |
| 09:17:17,120 | 1200 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl |
FAILURE | 0x00000002 | |
| 09:17:17,120 | 1200 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl |
FAILURE | 0x00000002 | |
| 09:17:17,120 | 1200 | RegOpenKeyExW |
Handle => 0x00000374 Registry => 0x80000002 SubKey => Software\Microsoft\Internet Explorer\Main\FeatureControl |
SUCCESS | 0x00000000 | |
| 09:17:17,120 | 1200 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Microsoft\Internet Explorer\Main\FeatureControl |
FAILURE | 0x00000002 | |
| 09:17:17,120 | 1200 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x00000374 SubKey => FEATURE_FIX_CHUNKED_PROXY_SCRIPT_DOWNLOAD_KB843289 |
FAILURE | 0x00000002 | |
| 09:17:17,120 | 1200 | RegCloseKey |
Handle => 0x00000000 |
FAILURE | 0x00000006 | 1 time |
| 09:17:17,120 | 1200 | RegCloseKey |
Handle => 0x00000374 |
SUCCESS | 0x00000000 | |
| 09:17:17,120 | 1200 | RegCloseKey |
Handle => 0x00000000 |
FAILURE | 0x00000006 | |
| 09:17:17,120 | 1200 | RegQueryValueExA |
Handle => 0x0000034c DataLength => 4 ValueName => HttpDefaultExpiryTimeSecs Type => 844 |
FAILURE | 0x00000002 | |
| 09:17:17,120 | 1200 | RegQueryValueExA |
Handle => 0x0000034c DataLength => 4 ValueName => FtpDefaultExpiryTimeSecs Type => 844 |
FAILURE | 0x00000002 | |
| 09:17:17,120 | 1200 | RegQueryValueExA |
Handle => 0x0000034c DataLength => 4 ValueName => GopherDefaultExpiryTimeSecs Type => 844 |
FAILURE | 0x00000002 | |
| 09:17:17,120 | 1200 | RegQueryValueExA |
Handle => 0x0000034c DataLength => 4 ValueName => DisableCachingOfSSLPages Type => 844 |
FAILURE | 0x00000002 | |
| 09:17:17,120 | 1200 | RegQueryValueExA |
Handle => 0x0000034c DataLength => 4 ValueName => PerUserCookies Type => 844 |
FAILURE | 0x00000002 | |
| 09:17:17,120 | 1200 | RegQueryValueExA |
Handle => 0x0000034c DataLength => 4 ValueName => LeashLegacyCookies Type => 844 |
FAILURE | 0x00000002 | |
| 09:17:17,120 | 1200 | RegQueryValueExA |
Handle => 0x0000034c DataLength => 4 ValueName => DisableNT4RasCheck Type => 844 |
FAILURE | 0x00000002 | |
| 09:17:17,120 | 1200 | RegOpenKeyExA |
Handle => 0x00000374 Registry => 0x80000001 SubKey => SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings |
SUCCESS | 0x00000000 | |
| 09:17:17,120 | 1200 | RegQueryValueExA |
Handle => 0x00000374 DataLength => 4 ValueName => DialupUseLanSettings Type => 884 |
FAILURE | 0x00000002 | |
| 09:17:17,120 | 1200 | RegOpenKeyExA |
Handle => 0x00000378 Registry => 0x80000002 SubKey => SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings |
SUCCESS | 0x00000000 | |
| 09:17:17,120 | 1200 | RegQueryValueExA |
Handle => 0x00000378 DataLength => 4 ValueName => DialupUseLanSettings Type => 888 |
FAILURE | 0x00000002 | |
| 09:17:17,120 | 1200 | RegCloseKey |
Handle => 0x00000378 |
SUCCESS | 0x00000000 | |
| 09:17:17,120 | 1200 | RegCloseKey |
Handle => 0x00000374 |
SUCCESS | 0x00000000 | |
| 09:17:17,120 | 1200 | RegQueryValueExA |
Handle => 0x0000034c DataLength => 4 ValueName => SendExtraCRLF Type => 844 |
FAILURE | 0x00000002 | |
| 09:17:17,120 | 1200 | RegQueryValueExA |
Handle => 0x0000034c DataLength => 4 ValueName => BypassFtpTimeCheck Type => 844 |
FAILURE | 0x00000002 | |
| 09:17:17,120 | 1200 | RegQueryValueExA |
Handle => 0x0000034c DataLength => 4 ValueName => EnableGopher Type => 844 |
FAILURE | 0x00000002 | |
| 09:17:17,120 | 1200 | RegQueryValueExA |
Handle => 0x0000034c DataLength => 4 ValueName => ReleaseSocketDuringAuth Type => 844 |
FAILURE | 0x00000002 | |
| 09:17:17,120 | 1200 | RegOpenKeyExA |
Handle => 0x00000374 Registry => 0x80000001 SubKey => SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings |
SUCCESS | 0x00000000 | |
| 09:17:17,120 | 1200 | RegQueryValueExA |
Handle => 0x00000374 DataLength => 4 ValueName => ReleaseSocketDuring401Auth Type => 884 |
FAILURE | 0x00000002 | |
| 09:17:17,120 | 1200 | RegOpenKeyExA |
Handle => 0x00000378 Registry => 0x80000002 SubKey => SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings |
SUCCESS | 0x00000000 | |
| 09:17:17,120 | 1200 | RegQueryValueExA |
Handle => 0x00000378 DataLength => 4 ValueName => ReleaseSocketDuring401Auth Type => 888 |
FAILURE | 0x00000002 | |
| 09:17:17,120 | 1200 | RegCloseKey |
Handle => 0x00000378 |
SUCCESS | 0x00000000 | |
| 09:17:17,120 | 1200 | RegCloseKey |
Handle => 0x00000374 |
SUCCESS | 0x00000000 | |
| 09:17:17,120 | 1200 | RegQueryValueExA |
Handle => 0x0000034c DataLength => 4 ValueName => WpadSearchAllDomains Type => 844 |
FAILURE | 0x00000002 | |
| 09:17:17,120 | 1200 | RegOpenKeyExA |
Handle => 0x00000374 Registry => 0x80000001 SubKey => SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings |
SUCCESS | 0x00000000 | |
| 09:17:17,120 | 1200 | RegQueryValueExA |
Handle => 0x00000374 DataLength => 4 ValueName => DisableLegacyPreAuthAsServer Type => 884 |
FAILURE | 0x00000002 | |
| 09:17:17,120 | 1200 | RegOpenKeyExA |
Handle => 0x00000378 Registry => 0x80000002 SubKey => SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings |
SUCCESS | 0x00000000 | |
| 09:17:17,120 | 1200 | RegQueryValueExA |
Handle => 0x00000378 DataLength => 4 ValueName => DisableLegacyPreAuthAsServer Type => 888 |
FAILURE | 0x00000002 | |
| 09:17:17,120 | 1200 | RegCloseKey |
Handle => 0x00000378 |
SUCCESS | 0x00000000 | |
| 09:17:17,120 | 1200 | RegCloseKey |
Handle => 0x00000374 |
SUCCESS | 0x00000000 | |
| 09:17:17,120 | 1200 | RegOpenKeyExA |
Handle => 0x00000374 Registry => 0x80000001 SubKey => SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings |
SUCCESS | 0x00000000 | |
| 09:17:17,120 | 1200 | RegQueryValueExA |
Handle => 0x00000374 DataLength => 4 ValueName => BypassHTTPNoCacheCheck Type => 884 |
FAILURE | 0x00000002 | |
| 09:17:17,120 | 1200 | RegOpenKeyExA |
Handle => 0x00000378 Registry => 0x80000002 SubKey => SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings |
SUCCESS | 0x00000000 | |
| 09:17:17,120 | 1200 | RegQueryValueExA |
Handle => 0x00000378 DataLength => 4 ValueName => BypassHTTPNoCacheCheck Type => 888 |
FAILURE | 0x00000002 | |
| 09:17:17,120 | 1200 | RegCloseKey |
Handle => 0x00000378 |
SUCCESS | 0x00000000 | |
| 09:17:17,120 | 1200 | RegCloseKey |
Handle => 0x00000374 |
SUCCESS | 0x00000000 | |
| 09:17:17,120 | 1200 | RegOpenKeyExA |
Handle => 0x00000374 Registry => 0x80000001 SubKey => SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings |
SUCCESS | 0x00000000 | |
| 09:17:17,120 | 1200 | RegQueryValueExA |
Handle => 0x00000374 DataLength => 4 ValueName => BypassSSLNoCacheCheck Type => 884 |
FAILURE | 0x00000002 | |
| 09:17:17,120 | 1200 | RegOpenKeyExA |
Handle => 0x00000378 Registry => 0x80000002 SubKey => SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings |
SUCCESS | 0x00000000 | |
| 09:17:17,120 | 1200 | RegQueryValueExA |
Handle => 0x00000378 DataLength => 4 ValueName => BypassSSLNoCacheCheck Type => 888 |
FAILURE | 0x00000002 | |
| 09:17:17,120 | 1200 | RegCloseKey |
Handle => 0x00000378 |
SUCCESS | 0x00000000 | |
| 09:17:17,120 | 1200 | RegCloseKey |
Handle => 0x00000374 |
SUCCESS | 0x00000000 | |
| 09:17:17,120 | 1200 | RegOpenKeyExA |
Handle => 0x00000374 Registry => 0x80000001 SubKey => SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings |
SUCCESS | 0x00000000 | |
| 09:17:17,120 | 1200 | RegQueryValueExA |
Handle => 0x00000374 DataLength => 4 ValueName => EnableHttpTrace Type => 884 |
FAILURE | 0x00000002 | |
| 09:17:17,120 | 1200 | RegOpenKeyExA |
Handle => 0x00000378 Registry => 0x80000002 SubKey => SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings |
SUCCESS | 0x00000000 | |
| 09:17:17,120 | 1200 | RegQueryValueExA |
Handle => 0x00000378 DataLength => 4 ValueName => EnableHttpTrace Type => 888 |
FAILURE | 0x00000002 | |
| 09:17:17,120 | 1200 | RegCloseKey |
Handle => 0x00000378 |
SUCCESS | 0x00000000 | |
| 09:17:17,120 | 1200 | RegCloseKey |
Handle => 0x00000374 |
SUCCESS | 0x00000000 | |
| 09:17:17,120 | 1200 | RegOpenKeyExA |
Handle => 0x00000374 Registry => 0x80000001 SubKey => SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings |
SUCCESS | 0x00000000 | |
| 09:17:17,120 | 1200 | RegQueryValueExA |
Handle => 0x00000374 DataLength => 4 ValueName => NoCheckAutodialOverRide Type => 884 |
FAILURE | 0x00000002 | |
| 09:17:17,120 | 1200 | RegOpenKeyExA |
Handle => 0x00000378 Registry => 0x80000002 SubKey => SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings |
SUCCESS | 0x00000000 | |
| 09:17:17,120 | 1200 | RegQueryValueExA |
Handle => 0x00000378 DataLength => 4 ValueName => NoCheckAutodialOverRide Type => 888 |
FAILURE | 0x00000002 | |
| 09:17:17,120 | 1200 | RegCloseKey |
Handle => 0x00000378 |
SUCCESS | 0x00000000 | |
| 09:17:17,120 | 1200 | RegCloseKey |
Handle => 0x00000374 |
SUCCESS | 0x00000000 | |
| 09:17:17,120 | 1200 | RegOpenKeyExA |
Handle => 0x00000374 Registry => 0x80000002 SubKey => SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings |
SUCCESS | 0x00000000 | |
| 09:17:17,120 | 1200 | RegQueryValueExA |
Handle => 0x00000374 DataLength => 4 ValueName => DontUseDNSLoadBalancing Type => 884 |
FAILURE | 0x00000002 | |
| 09:17:17,120 | 1200 | RegCloseKey |
Handle => 0x00000374 |
SUCCESS | 0x00000000 | |
| 09:17:17,120 | 1200 | RegQueryValueExA |
Handle => 0x0000034c DataLength => 4 ValueName => DontUseDNSLoadBalancing Type => 844 |
FAILURE | 0x00000002 | |
| 09:17:17,120 | 1200 | RegQueryValueExA |
Handle => 0x0000034c DataLength => 4 ValueName => NonBlockingClient32 Type => 844 |
FAILURE | 0x00000002 | |
| 09:17:17,120 | 1200 | RegOpenKeyExA |
Handle => 0x00000374 Registry => 0x80000002 SubKey => SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings |
SUCCESS | 0x00000000 | |
| 09:17:17,120 | 1200 | RegQueryValueExA |
Handle => 0x00000374 DataLength => 4 ValueName => ShareCredsWithWinHttp Type => 884 |
FAILURE | 0x00000002 | |
| 09:17:17,120 | 1200 | RegCloseKey |
Handle => 0x00000374 |
SUCCESS | 0x00000000 | |
| 09:17:17,120 | 1200 | RegQueryValueExA |
Handle => 0x0000034c DataLength => 66 ValueName => MimeExclusionListForCache Type => 1 |
SUCCESS | 0x00000000 | |
| 09:17:17,120 | 1200 | RegQueryValueExA |
Handle => 0x0000034c Data => multipart/mixed multipart/x-mixed-replace multipart/x-byteranges \x00 ValueName => MimeExclusionListForCache |
SUCCESS | 0x00000000 | |
| 09:17:17,120 | 1200 | RegQueryValueExA |
Handle => 0x0000034c DataLength => 0 ValueName => HeaderExclusionListForCache Type => 844 |
FAILURE | 0x00000002 | |
| 09:17:17,120 | 1200 | RegQueryValueExA |
Handle => 0x0000034c DataLength => 4 ValueName => DnsCacheEnabled Type => 844 |
FAILURE | 0x00000002 | |
| 09:17:17,120 | 1200 | RegQueryValueExA |
Handle => 0x0000034c DataLength => 4 ValueName => DnsCacheEntries Type => 844 |
FAILURE | 0x00000002 | |
| 09:17:17,120 | 1200 | RegQueryValueExA |
Handle => 0x0000034c DataLength => 4 ValueName => DnsCacheTimeout Type => 844 |
FAILURE | 0x00000002 | |
| 09:17:17,120 | 1200 | RegQueryValueExA |
Handle => 0x0000034c Data => ValueName => WarnOnPost |
SUCCESS | 0x00000000 | |
| 09:17:17,120 | 1200 | RegQueryValueExA |
Handle => 0x0000034c DataLength => 4 ValueName => WarnAlwaysOnPost Type => 844 |
FAILURE | 0x00000002 | |
| 09:17:17,120 | 1200 | RegQueryValueExA |
Handle => 0x0000034c Data => 0 ValueName => WarnOnZoneCrossing |
SUCCESS | 0x00000000 | |
| 09:17:17,120 | 1200 | RegQueryValueExA |
Handle => 0x0000034c DataLength => 4 ValueName => WarnOnBadCertSending Type => 844 |
FAILURE | 0x00000002 | |
| 09:17:17,120 | 1200 | RegQueryValueExA |
Handle => 0x0000034c DataLength => 4 ValueName => WarnOnBadCertRecving Type => 844 |
FAILURE | 0x00000002 | |
| 09:17:17,120 | 1200 | RegQueryValueExA |
Handle => 0x0000034c DataLength => 4 ValueName => WarnOnPostRedirect Type => 844 |
FAILURE | 0x00000002 | |
| 09:17:17,120 | 1200 | RegQueryValueExA |
Handle => 0x0000034c DataLength => 4 ValueName => AlwaysDrainOnRedirect Type => 844 |
FAILURE | 0x00000002 | |
| 09:17:17,120 | 1200 | RegQueryValueExA |
Handle => 0x0000034c DataLength => 4 ValueName => WarnOnHTTPSToHTTPRedirect Type => 844 |
FAILURE | 0x00000002 | |
| 09:17:17,120 | 1200 | NtOpenMutant |
Handle => 0x00000374 MutexName => WininetStartupMutex |
SUCCESS | 0x00000000 | |
| 09:17:17,120 | 1200 | RegQueryValueExA |
Handle => 0x0000034c DataLength => 4 ValueName => GlobalUserOffline Type => 844 |
FAILURE | 0x00000002 | |
| 09:17:17,120 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000350 FileInformation => \x00\xc0\x03\x00\x00\x00\x00\x00\x00\xc0\x03\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 09:17:17,120 | 1200 | NtOpenMutant |
Handle => 0x00000380 MutexName => WininetConnectionMutex |
SUCCESS | 0x00000000 | |
| 09:17:17,120 | 1200 | NtCreateMutant |
Handle => 0x00000384 InitialOwner => 0 MutexName => |
SUCCESS | 0x00000000 | |
| 09:17:17,120 | 1200 | NtOpenMutant |
Handle => 0x00000388 MutexName => WininetProxyRegistryMutex |
SUCCESS | 0x00000000 | |
| 09:17:17,120 | 1200 | RegQueryValueExA |
Handle => 0x0000034c DataLength => 4 ValueName => EnableAutodial Type => 844 |
FAILURE | 0x00000002 | |
| 09:17:17,120 | 1200 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => rnaapp.exe |
FAILURE | 3221225781 | 1 time |
| 09:17:17,120 | 1200 | RegOpenKeyExA |
Handle => 0x0000038c Registry => 0x80000002 SubKey => SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings |
SUCCESS | 0x00000000 | |
| 09:17:17,120 | 1200 | RegQueryValueExA |
Handle => 0x0000038c DataLength => 11 ValueName => UrlEncoding Type => 1 |
FAILURE | 0x000000ea | |
| 09:17:17,120 | 1200 | RegCloseKey |
Handle => 0x0000038c |
SUCCESS | 0x00000000 | |
| 09:17:17,120 | 1200 | RegQueryValueExA |
Handle => 0x0000034c DataLength => 4 ValueName => TruncateFileName Type => 844 |
FAILURE | 0x00000002 | |
| 09:17:17,120 | 1200 | RegQueryValueExA |
Handle => 0x0000034c DataLength => 4 ValueName => BadProxyExpiresTime Type => 844 |
FAILURE | 0x00000002 | |
| 09:17:17,170 | 1200 | LdrLoadDll |
Flags => 36239980 BaseAddress => 0x71ad0000 FileName => wsock32 |
SUCCESS | 0x00000000 | |
| 09:17:17,170 | 1200 | LdrGetProcedureAddress |
Ordinal => 1 FunctionName => FunctionAddress => 0x71ac1040 ModuleHandle => 0x71ad0000 |
SUCCESS | 0x00000000 | |
| 09:17:17,170 | 1200 | LdrGetProcedureAddress |
Ordinal => 2 FunctionName => FunctionAddress => 0x71ab4480 ModuleHandle => 0x71ad0000 |
SUCCESS | 0x00000000 | |
| 09:17:17,170 | 1200 | LdrGetProcedureAddress |
Ordinal => 3 FunctionName => FunctionAddress => 0x71ab3e2b ModuleHandle => 0x71ad0000 |
SUCCESS | 0x00000000 | |
| 09:17:17,170 | 1200 | LdrGetProcedureAddress |
Ordinal => 4 FunctionName => FunctionAddress => 0x71ab4a07 ModuleHandle => 0x71ad0000 |
SUCCESS | 0x00000000 | |
| 09:17:17,170 | 1200 | LdrGetProcedureAddress |
Ordinal => 5 FunctionName => FunctionAddress => 0x71ac0b68 ModuleHandle => 0x71ad0000 |
SUCCESS | 0x00000000 | |
| 09:17:17,170 | 1200 | LdrGetProcedureAddress |
Ordinal => 6 FunctionName => FunctionAddress => 0x71ab3d10 ModuleHandle => 0x71ad0000 |
SUCCESS | 0x00000000 | |
| 09:17:17,170 | 1200 | LdrGetProcedureAddress |
Ordinal => 7 FunctionName => FunctionAddress => 0x71ad2ed6 ModuleHandle => 0x71ad0000 |
SUCCESS | 0x00000000 | |
| 09:17:17,170 | 1200 | LdrGetProcedureAddress |
Ordinal => 8 FunctionName => FunctionAddress => 0x71ab2ead ModuleHandle => 0x71ad0000 |
SUCCESS | 0x00000000 | |
| 09:17:17,170 | 1200 | LdrGetProcedureAddress |
Ordinal => 9 FunctionName => FunctionAddress => 0x71ab2e53 ModuleHandle => 0x71ad0000 |
SUCCESS | 0x00000000 | |
| 09:17:17,170 | 1200 | LdrGetProcedureAddress |
Ordinal => 10 FunctionName => FunctionAddress => 0x71ab2ee1 ModuleHandle => 0x71ad0000 |
SUCCESS | 0x00000000 | |
| 09:17:17,170 | 1200 | LdrGetProcedureAddress |
Ordinal => 11 FunctionName => FunctionAddress => 0x71ab45c1 ModuleHandle => 0x71ad0000 |
SUCCESS | 0x00000000 | |
| 09:17:17,170 | 1200 | LdrGetProcedureAddress |
Ordinal => 12 FunctionName => FunctionAddress => 0x71ab3f50 ModuleHandle => 0x71ad0000 |
SUCCESS | 0x00000000 | |
| 09:17:17,170 | 1200 | LdrGetProcedureAddress |
Ordinal => 13 FunctionName => FunctionAddress => 0x71ab8cd3 ModuleHandle => 0x71ad0000 |
SUCCESS | 0x00000000 | |
| 09:17:17,170 | 1200 | LdrGetProcedureAddress |
Ordinal => 15 FunctionName => FunctionAddress => 0x71ab2e53 ModuleHandle => 0x71ad0000 |
SUCCESS | 0x00000000 | |
| 09:17:17,170 | 1200 | LdrGetProcedureAddress |
Ordinal => 16 FunctionName => FunctionAddress => 0x71ad2e70 ModuleHandle => 0x71ad0000 |
SUCCESS | 0x00000000 | |
| 09:17:17,170 | 1200 | LdrGetProcedureAddress |
Ordinal => 17 FunctionName => FunctionAddress => 0x71ad3001 ModuleHandle => 0x71ad0000 |
SUCCESS | 0x00000000 | |
| 09:17:17,170 | 1200 | LdrGetProcedureAddress |
Ordinal => 18 FunctionName => FunctionAddress => 0x71ab30a8 ModuleHandle => 0x71ad0000 |
SUCCESS | 0x00000000 | |
| 09:17:17,170 | 1200 | LdrGetProcedureAddress |
Ordinal => 19 FunctionName => FunctionAddress => 0x71ab4c27 ModuleHandle => 0x71ad0000 |
SUCCESS | 0x00000000 | |
| 09:17:17,170 | 1200 | LdrGetProcedureAddress |
Ordinal => 20 FunctionName => FunctionAddress => 0x71ab2f51 ModuleHandle => 0x71ad0000 |
SUCCESS | 0x00000000 | |
| 09:17:17,170 | 1200 | LdrGetProcedureAddress |
Ordinal => 21 FunctionName => FunctionAddress => 0x71ad2e30 ModuleHandle => 0x71ad0000 |
SUCCESS | 0x00000000 | |
| 09:17:17,170 | 1200 | LdrGetProcedureAddress |
Ordinal => 22 FunctionName => FunctionAddress => 0x71ac0bf6 ModuleHandle => 0x71ad0000 |
SUCCESS | 0x00000000 | |
| 09:17:17,170 | 1200 | LdrGetProcedureAddress |
Ordinal => 23 FunctionName => FunctionAddress => 0x71ab4211 ModuleHandle => 0x71ad0000 |
SUCCESS | 0x00000000 | |
| 09:17:17,170 | 1200 | LdrGetProcedureAddress |
Ordinal => 52 FunctionName => FunctionAddress => 0x71ab5355 ModuleHandle => 0x71ad0000 |
SUCCESS | 0x00000000 | |
| 09:17:17,170 | 1200 | LdrGetProcedureAddress |
Ordinal => 57 FunctionName => FunctionAddress => 0x71ab5449 ModuleHandle => 0x71ad0000 |
SUCCESS | 0x00000000 | |
| 09:17:17,170 | 1200 | LdrGetProcedureAddress |
Ordinal => 111 FunctionName => FunctionAddress => 0x71ab3cce ModuleHandle => 0x71ad0000 |
SUCCESS | 0x00000000 | |
| 09:17:17,170 | 1200 | LdrGetProcedureAddress |
Ordinal => 112 FunctionName => FunctionAddress => 0x71ab2a5e ModuleHandle => 0x71ad0000 |
SUCCESS | 0x00000000 | |
| 09:17:17,170 | 1200 | LdrGetProcedureAddress |
Ordinal => 115 FunctionName => FunctionAddress => 0x71ab6a55 ModuleHandle => 0x71ad0000 |
SUCCESS | 0x00000000 | |
| 09:17:17,170 | 1200 | LdrGetProcedureAddress |
Ordinal => 116 FunctionName => FunctionAddress => 0x71ab3fed ModuleHandle => 0x71ad0000 |
SUCCESS | 0x00000000 | |
| 09:17:17,170 | 1200 | LdrGetProcedureAddress |
Ordinal => 151 FunctionName => FunctionAddress => 0x71ab3f7b ModuleHandle => 0x71ad0000 |
SUCCESS | 0x00000000 | |
| 09:17:17,170 | 1200 | WSAStartup |
VersionRequested => 0x00000101 |
SUCCESS | 0x00000000 | |
| 09:17:17,170 | 1200 | LdrLoadDll |
Flags => 36239980 BaseAddress => 0x71ab0000 FileName => ws2_32 |
SUCCESS | 0x00000000 | |
| 09:17:17,170 | 1200 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => WSALookupServiceBeginW FunctionAddress => 0x71ab35ef ModuleHandle => 0x71ab0000 |
SUCCESS | 0x00000000 | |
| 09:17:17,170 | 1200 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => WSALookupServiceEnd FunctionAddress => 0x71ab350e ModuleHandle => 0x71ab0000 |
SUCCESS | 0x00000000 | |
| 09:17:17,170 | 1200 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => WSALookupServiceNextW FunctionAddress => 0x71ab3181 ModuleHandle => 0x71ab0000 |
SUCCESS | 0x00000000 | |
| 09:17:17,170 | 1200 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => WSANSPIoctl FunctionAddress => 0x71ab5086 ModuleHandle => 0x71ab0000 |
SUCCESS | 0x00000000 | |
| 09:17:17,170 | 1200 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => getaddrinfo FunctionAddress => 0x71ab2a6f ModuleHandle => 0x71ab0000 |
SUCCESS | 0x00000000 | |
| 09:17:17,170 | 1200 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => freeaddrinfo FunctionAddress => 0x71ab2b0b ModuleHandle => 0x71ab0000 |
SUCCESS | 0x00000000 | |
| 09:17:17,170 | 1200 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => getnameinfo FunctionAddress => 0x71abc689 ModuleHandle => 0x71ab0000 |
SUCCESS | 0x00000000 | |
| 09:17:17,170 | 1200 | CreateThread |
ThreadId => 520 StartRoutine => 0x771d922e Parameter => 0x001fc4e8 CreationFlags => 0 |
SUCCESS | 0x00000394 | |
| 09:17:17,170 | 1200 | NtCreateSection |
ObjectAttributes => DesiredAccess => 0x000f0007 SectionHandle => 0x00000398 FileHandle => 0x00000000 |
SUCCESS | 0x00000000 | |
| 09:17:17,170 | 1200 | ZwMapViewOfSection |
SectionOffset => 0x0228fcb0 SectionHandle => 0x00000398 ProcessHandle => 0xffffffff BaseAddress => 0x02160000 |
SUCCESS | 0x00000000 | |
| 09:17:17,170 | 520 | socket |
type => 2 protocol => 17 af => 2 |
SUCCESS | 0x000003b0 | |
| 09:17:17,170 | 520 | bind |
ip => 127.0.0.1 socket => 0x000003b0 port => 0 |
SUCCESS | 0x00000000 | |
| 09:17:17,170 | 520 | NtDeviceIoControlFile |
InputBuffer => FileHandle => 0x000003b0 OutputBuffer => \x01\x00\x00\x00\x01\x00\x00\x00\x0e\x00\x02\x00\x04\x10\x7f\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 09:17:17,170 | 520 | connect |
socket => 0x000003b0 |
SUCCESS | 0x00000000 | |
| 09:17:17,170 | 1200 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => InternetSetStatusCallbackA FunctionAddress => 0x771d9064 ModuleHandle => 0x771b0000 |
SUCCESS | 0x00000000 | |
| 09:17:17,180 | 1200 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => InternetConnectA FunctionAddress => 0x771c3452 ModuleHandle => 0x771b0000 |
SUCCESS | 0x00000000 | |
| 09:17:17,180 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000350 FileInformation => \x00\xc0\x03\x00\x00\x00\x00\x00\x00\xc0\x03\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 09:17:17,180 | 1200 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => InternetQueryOptionW FunctionAddress => 0x771d5a5f ModuleHandle => 0x771b0000 |
SUCCESS | 0x00000000 | |
| 09:17:17,200 | 1200 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => HttpOpenRequestA FunctionAddress => 0x771c2af9 ModuleHandle => 0x771b0000 |
SUCCESS | 0x00000000 | |
| 09:17:17,200 | 1200 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000001 SubKey => SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Http Filters\RPA |
FAILURE | 0x00000002 | |
| 09:17:17,200 | 1200 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000002 SubKey => SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Http Filters\RPA |
FAILURE | 0x00000002 | |
| 09:17:17,200 | 1200 | RegOpenKeyExW |
Handle => 0x000003a4 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings |
SUCCESS | 0x00000000 | |
| 09:17:17,200 | 1200 | RegQueryValueExW |
Handle => 0x000003a4 DataLength => 4 ValueName => Security_HKLM_only Type => 36239748 |
FAILURE | 0x00000002 | |
| 09:17:17,200 | 1200 | RegCloseKey |
Handle => 0x000003a4 |
SUCCESS | 0x00000000 | |
| 09:17:17,200 | 1200 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl |
FAILURE | 0x00000002 | |
| 09:17:17,210 | 1200 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl |
FAILURE | 0x00000002 | |
| 09:17:17,210 | 1200 | RegOpenKeyExW |
Handle => 0x000003a4 Registry => 0x80000002 SubKey => Software\Microsoft\Internet Explorer\Main\FeatureControl |
SUCCESS | 0x00000000 | |
| 09:17:17,210 | 1200 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Microsoft\Internet Explorer\Main\FeatureControl |
FAILURE | 0x00000002 | |
| 09:17:17,210 | 1200 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x000003a4 SubKey => FEATURE_INCLUDE_PORT_IN_SPN_KB908209 |
FAILURE | 0x00000002 | |
| 09:17:17,210 | 1200 | RegCloseKey |
Handle => 0x00000000 |
FAILURE | 0x00000006 | 1 time |
| 09:17:17,210 | 1200 | RegCloseKey |
Handle => 0x000003a4 |
SUCCESS | 0x00000000 | |
| 09:17:17,210 | 1200 | RegCloseKey |
Handle => 0x00000000 |
FAILURE | 0x00000006 | |
| 09:17:17,210 | 1200 | RegOpenKeyExW |
Handle => 0x000003a4 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings |
SUCCESS | 0x00000000 | |
| 09:17:17,210 | 1200 | RegQueryValueExW |
Handle => 0x000003a4 DataLength => 4 ValueName => Security_HKLM_only Type => 36239744 |
FAILURE | 0x00000002 | |
| 09:17:17,210 | 1200 | RegCloseKey |
Handle => 0x000003a4 |
SUCCESS | 0x00000000 | |
| 09:17:17,210 | 1200 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl |
FAILURE | 0x00000002 | |
| 09:17:17,210 | 1200 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl |
FAILURE | 0x00000002 | |
| 09:17:17,210 | 1200 | RegOpenKeyExW |
Handle => 0x000003a4 Registry => 0x80000002 SubKey => Software\Microsoft\Internet Explorer\Main\FeatureControl |
SUCCESS | 0x00000000 | |
| 09:17:17,210 | 1200 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Microsoft\Internet Explorer\Main\FeatureControl |
FAILURE | 0x00000002 | |
| 09:17:17,210 | 1200 | RegOpenKeyExW |
Handle => 0x000003b8 Registry => 0x000003a4 SubKey => FEATURE_MIME_HANDLING |
SUCCESS | 0x00000000 | |
| 09:17:17,210 | 1200 | RegQueryValueExW |
Handle => 0x000003b8 DataLength => 4 ValueName => AcroRd32.exe Type => 36239716 |
FAILURE | 0x00000002 | |
| 09:17:17,210 | 1200 | RegQueryValueExW |
Handle => 0x000003b8 DataLength => 4 ValueName => * Type => 36239716 |
FAILURE | 0x00000002 | |
| 09:17:17,210 | 1200 | RegCloseKey |
Handle => 0x000003b8 |
SUCCESS | 0x00000000 | |
| 09:17:17,210 | 1200 | RegCloseKey |
Handle => 0x00000000 |
FAILURE | 0x00000006 | 1 time |
| 09:17:17,210 | 1200 | RegCloseKey |
Handle => 0x000003a4 |
SUCCESS | 0x00000000 | |
| 09:17:17,210 | 1200 | RegCloseKey |
Handle => 0x00000000 |
FAILURE | 0x00000006 | |
| 09:17:17,210 | 1200 | RegOpenKeyExA |
Handle => 0x000003a4 Registry => 0x80000002 SubKey => Software\Microsoft\Cryptography\OID |
SUCCESS | 0x00000000 | |
| 09:17:17,210 | 1200 | RegEnumKeyExA |
Index => 0 Handle => 0x000003a4 Name => EncodingType 0 Class => |
SUCCESS | 0x00000000 | |
| 09:17:17,210 | 1200 | RegOpenKeyExA |
Handle => 0x000003b8 Registry => 0x000003a4 SubKey => EncodingType 0 |
SUCCESS | 0x00000000 | |
| 09:17:17,210 | 1200 | RegOpenKeyExA |
Handle => 0x000003bc Registry => 0x000003b8 SubKey => CertDllOpenStoreProv |
SUCCESS | 0x00000000 | |
| 09:17:17,210 | 1200 | RegEnumKeyExA |
Index => 0 Handle => 0x000003bc Name => #16 Class => |
SUCCESS | 0x00000000 | |
| 09:17:17,210 | 1200 | RegOpenKeyExA |
Handle => 0x000003c0 Registry => 0x000003bc SubKey => #16 |
SUCCESS | 0x00000000 | |
| 09:17:17,210 | 1200 | RegQueryInfoKeyW |
MaxClassLength => 0 MaxValueLength => 36 MaxValueNameLength => 8 ValueCount => 2 MaxSubKeyLength => 0 KeyHandle => 0x000003c0 SubKeyCount => 0 Class => |
SUCCESS | 0x00000000 | |
| 09:17:17,220 | 1200 | RegEnumValueW |
Index => 0 Handle => 0x000003c0 Data => c\x00r\x00y\x00p\x00t\x00n\x00e\x00t\x00.\x00d\x00l\x00l\x00\x00\x00 ValueName => Dll |
SUCCESS | 0x00000000 | |
| 09:17:17,220 | 1200 | RegEnumValueW |
Index => 1 Handle => 0x000003c0 Data => L\x00d\x00a\x00p\x00P\x00r\x00o\x00v\x00O\x00p\x00e\x00n\x00S\x00t\x00o\x00r\x00e\x00\x00\x00 ValueName => FuncName |
SUCCESS | 0x00000000 | |
| 09:17:17,220 | 1200 | RegCloseKey |
Handle => 0x000003c0 |
SUCCESS | 0x00000000 | |
| 09:17:17,220 | 1200 | RegEnumKeyExA |
Index => 1 Handle => 0x000003bc Name => Ldap Class => |
SUCCESS | 0x00000000 | |
| 09:17:17,220 | 1200 | RegOpenKeyExA |
Handle => 0x000003c0 Registry => 0x000003bc SubKey => Ldap |
SUCCESS | 0x00000000 | |
| 09:17:17,220 | 1200 | RegQueryInfoKeyW |
MaxClassLength => 0 MaxValueLength => 36 MaxValueNameLength => 8 ValueCount => 2 MaxSubKeyLength => 0 KeyHandle => 0x000003c0 SubKeyCount => 0 Class => |
SUCCESS | 0x00000000 | |
| 09:17:17,220 | 1200 | RegEnumValueW |
Index => 0 Handle => 0x000003c0 Data => c\x00r\x00y\x00p\x00t\x00n\x00e\x00t\x00.\x00d\x00l\x00l\x00\x00\x00 ValueName => Dll |
SUCCESS | 0x00000000 | |
| 09:17:17,220 | 1200 | RegEnumValueW |
Index => 1 Handle => 0x000003c0 Data => L\x00d\x00a\x00p\x00P\x00r\x00o\x00v\x00O\x00p\x00e\x00n\x00S\x00t\x00o\x00r\x00e\x00\x00\x00 ValueName => FuncName |
SUCCESS | 0x00000000 | |
| 09:17:17,220 | 1200 | RegCloseKey |
Handle => 0x000003c0 |
SUCCESS | 0x00000000 | |
| 09:17:17,220 | 1200 | RegEnumKeyExA |
Index => 2 Handle => 0x000003bc Name => Ldap Class => |
FAILURE | 0x00000103 | |
| 09:17:17,220 | 1200 | RegCloseKey |
Handle => 0x000003bc |
SUCCESS | 0x00000000 | |
| 09:17:17,220 | 1200 | RegCloseKey |
Handle => 0x000003b8 |
SUCCESS | 0x00000000 | |
| 09:17:17,220 | 1200 | RegEnumKeyExA |
Index => 1 Handle => 0x000003a4 Name => EncodingType 1 Class => |
SUCCESS | 0x00000000 | |
| 09:17:17,220 | 1200 | RegOpenKeyExA |
Handle => 0x000003b8 Registry => 0x000003a4 SubKey => EncodingType 1 |
SUCCESS | 0x00000000 | |
| 09:17:17,220 | 1200 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x000003b8 SubKey => CertDllOpenStoreProv |
FAILURE | 0x00000002 | |
| 09:17:17,220 | 1200 | RegCloseKey |
Handle => 0x000003b8 |
SUCCESS | 0x00000000 | |
| 09:17:17,220 | 1200 | RegEnumKeyExA |
Index => 2 Handle => 0x000003a4 Name => EncodingType 1 Class => |
FAILURE | 0x00000103 | |
| 09:17:17,220 | 1200 | RegCloseKey |
Handle => 0x000003a4 |
SUCCESS | 0x00000000 | |
| 09:17:17,270 | 1200 | RegOpenKeyExW |
Handle => 0x000003a4 Registry => 0x80000003 SubKey => S-1-5-21-1935655697-1606980848-1060284298-1003 |
SUCCESS | 0x00000000 | |
| 09:17:17,270 | 1200 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x000003a4 SubKey => Software\Microsoft\SystemCertificates\MY\PhysicalStores |
FAILURE | 0x00000002 | |
| 09:17:17,270 | 1200 | RegCloseKey |
Handle => 0x000003a4 |
SUCCESS | 0x00000000 | |
| 09:17:17,270 | 1200 | RegOpenKeyExW |
Handle => 0x000003a4 Registry => 0x80000003 SubKey => S-1-5-21-1935655697-1606980848-1060284298-1003 |
SUCCESS | 0x00000000 | |
| 09:17:17,270 | 1200 | RegCreateKeyExW |
Handle => 0x000003b8 Access => 983103 Registry => 0x000003a4 Class => SubKey => Software\Microsoft\SystemCertificates\MY |
SUCCESS | 0x00000000 | |
| 09:17:17,270 | 1200 | RegCloseKey |
Handle => 0x000003a4 |
SUCCESS | 0x00000000 | |
| 09:17:17,270 | 1200 | RegCloseKey |
Handle => 0x000003b8 |
SUCCESS | 0x00000000 | |
| 09:17:17,270 | 1200 | LdrLoadDll |
Flags => 36238248 BaseAddress => 0x77c00000 FileName => VERSION.dll |
SUCCESS | 0x00000000 | |
| 09:17:17,270 | 1200 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => GetFileVersionInfoSizeA FunctionAddress => 0x77c019ef ModuleHandle => 0x77c00000 |
SUCCESS | 0x00000000 | |
| 09:17:17,270 | 1200 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => userenv.dll |
FAILURE | 3221225781 | |
| 09:17:17,270 | 1200 | NtCreateFile |
ShareAccess => 5 FileName => C:\WINDOWS\system32\userenv.dll DesiredAccess => 0x80100080 CreateDisposition => 1 FileHandle => 0x000003a4 |
SUCCESS | 0x00000000 | |
| 09:17:17,270 | 1200 | NtCreateSection |
ObjectAttributes => DesiredAccess => 0x000f0005 SectionHandle => 0x000003bc FileHandle => 0x000003a4 |
SUCCESS | 0x00000000 | |
| 09:17:17,270 | 1200 | ZwMapViewOfSection |
SectionOffset => 0x0228f104 SectionHandle => 0x000003bc ProcessHandle => 0xffffffff BaseAddress => 0x02490000 |
SUCCESS | 0x00000000 | |
| 09:17:17,691 | 1200 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => GetFileVersionInfoA FunctionAddress => 0x77c01a40 ModuleHandle => 0x77c00000 |
SUCCESS | 0x00000000 | |
| 09:17:17,691 | 1200 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => userenv.dll |
FAILURE | 3221225781 | |
| 09:17:17,691 | 1200 | NtCreateFile |
ShareAccess => 5 FileName => C:\WINDOWS\system32\userenv.dll DesiredAccess => 0x80100080 CreateDisposition => 1 FileHandle => 0x000003bc |
SUCCESS | 0x00000000 | |
| 09:17:17,691 | 1200 | NtCreateSection |
ObjectAttributes => DesiredAccess => 0x000f0005 SectionHandle => 0x000003a4 FileHandle => 0x000003bc |
SUCCESS | 0x00000000 | |
| 09:17:17,691 | 1200 | ZwMapViewOfSection |
SectionOffset => 0x0228f0f4 SectionHandle => 0x000003a4 ProcessHandle => 0xffffffff BaseAddress => 0x02490000 |
SUCCESS | 0x00000000 | |
| 09:17:17,701 | 1200 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => VerQueryValueA FunctionAddress => 0x77c018aa ModuleHandle => 0x77c00000 |
SUCCESS | 0x00000000 | |
| 09:17:17,701 | 1200 | LdrLoadDll |
Flags => 36238692 BaseAddress => 0x769c0000 FileName => userenv.dll |
SUCCESS | 0x00000000 | |
| 09:17:17,711 | 1200 | LdrGetProcedureAddress |
Ordinal => 149 FunctionName => FunctionAddress => 0x769c1bc9 ModuleHandle => 0x769c0000 |
SUCCESS | 0x00000000 | |
| 09:17:17,711 | 1200 | RegOpenKeyExW |
Handle => 0x000003bc Registry => 0x80000003 SubKey => S-1-5-21-1935655697-1606980848-1060284298-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders |
SUCCESS | 0x00000000 | |
| 09:17:17,711 | 1200 | RegQueryValueExW |
Handle => 0x000003bc Data => %\x00U\x00S\x00E\x00R\x00P\x00R\x00O\x00F\x00I\x00L\x00E\x00%\x00\\x00A\x00p\x00p\x00l\x00i\x00c\x00a\x00t\x00i\x00o\x00n\x00 \x00D\x00a\x00t\x00a\x00\x00\x00 ValueName => AppData |
SUCCESS | 0x00000000 | |
| 09:17:17,711 | 1200 | RegOpenKeyExW |
Handle => 0x000003c0 Registry => 0x80000002 SubKey => Software\Microsoft\Windows NT\CurrentVersion\ProfileList |
SUCCESS | 0x00000000 | |
| 09:17:17,711 | 1200 | RegQueryValueExW |
Handle => 0x000003c0 Data => %\x00S\x00y\x00s\x00t\x00e\x00m\x00D\x00r\x00i\x00v\x00e\x00%\x00\\x00D\x00o\x00c\x00u\x00m\x00e\x00n\x00t\x00s\x00 \x00a\x00n\x00d\x00 \x00S\x00e\x00t\x00t\x00i\x00n\x00g\x00s\x00\x00\x00 ValueName => ProfilesDirectory |
SUCCESS | 0x00000000 | |
| 09:17:17,711 | 1200 | RegCloseKey |
Handle => 0x000003c0 |
SUCCESS | 0x00000000 | |
| 09:17:17,711 | 1200 | RegOpenKeyExW |
Handle => 0x000003c0 Registry => 0x80000002 SubKey => Software\Microsoft\Windows NT\CurrentVersion\ProfileList |
SUCCESS | 0x00000000 | |
| 09:17:17,711 | 1200 | RegQueryValueExW |
Handle => 0x000003c0 Data => A\x00l\x00l\x00 \x00U\x00s\x00e\x00r\x00s\x00\x00\x00 ValueName => AllUsersProfile |
SUCCESS | 0x00000000 | |
| 09:17:17,711 | 1200 | RegCloseKey |
Handle => 0x000003c0 |
SUCCESS | 0x00000000 | |
| 09:17:17,711 | 1200 | RegOpenKeyExW |
Handle => 0x000003c0 Registry => 0x80000002 SubKey => System\CurrentControlSet\Control\Session Manager\Environment |
SUCCESS | 0x00000000 | |
| 09:17:17,711 | 1200 | RegQueryInfoKeyW |
MaxClassLength => 0 MaxValueLength => 124 MaxValueNameLength => 22 ValueCount => 13 MaxSubKeyLength => 0 KeyHandle => 0x000003c0 SubKeyCount => 0 Class => |
SUCCESS | 0x00000000 | |
| 09:17:17,721 | 1200 | RegEnumValueW |
Index => 0 Handle => 0x000003c0 Data => %\x00S\x00y\x00s\x00t\x00e\x00m\x00R\x00o\x00o\x00t\x00%\x00\\x00s\x00y\x00s\x00t\x00e\x00m\x003\x002\x00\\x00c\x00m\x00d\x00.\x00e\x00x\x00e\x00\x00\x00 ValueName => ComSpec |
SUCCESS | 0x00000000 | |
| 09:17:17,721 | 1200 | RegEnumValueW |
Index => 1 Handle => 0x000003c0 Data => %\x00S\x00y\x00s\x00t\x00e\x00m\x00R\x00o\x00o\x00t\x00%\x00\\x00s\x00y\x00s\x00t\x00e\x00m\x003\x002\x00;\x00%\x00S\x00y\x00s\x00t\x00e\x00m\x00R\x00o\x00o\x00t\x00%\x00;\x00%\x00S\x00y\x00s\x00t\x00e\x00m\x00R\x00o\x00o\x00t\x00%\x00\\x00S\x00y\x00s\x00t\x00e\x00m\x003\x002\x00\\x00W\x00b\x00e\x00m\x00\x00\x00 ValueName => Path |
SUCCESS | 0x00000000 | |
| 09:17:17,721 | 1200 | RegEnumValueW |
Index => 2 Handle => 0x000003c0 Data => %\x00S\x00y\x00s\x00t\x00e\x00m\x00R\x00o\x00o\x00t\x00%\x00\x00\x00 ValueName => windir |
SUCCESS | 0x00000000 | |
| 09:17:17,721 | 1200 | RegEnumValueW |
Index => 3 Handle => 0x000003c0 Data => N\x00O\x00\x00\x00 ValueName => FP_NO_HOST_CHECK |
SUCCESS | 0x00000000 | |
| 09:17:17,721 | 1200 | RegEnumValueW |
Index => 4 Handle => 0x000003c0 Data => W\x00i\x00n\x00d\x00o\x00w\x00s\x00_\x00N\x00T\x00\x00\x00 ValueName => OS |
SUCCESS | 0x00000000 | |
| 09:17:17,721 | 1200 | RegEnumValueW |
Index => 5 Handle => 0x000003c0 Data => x\x008\x006\x00\x00\x00 ValueName => PROCESSOR_ARCHITECTURE |
SUCCESS | 0x00000000 | |
| 09:17:17,721 | 1200 | RegEnumValueW |
Index => 6 Handle => 0x000003c0 Data => 1\x005\x00\x00\x00 ValueName => PROCESSOR_LEVEL |
SUCCESS | 0x00000000 | |
| 09:17:17,721 | 1200 | RegEnumValueW |
Index => 7 Handle => 0x000003c0 Data => x\x008\x006\x00 \x00F\x00a\x00m\x00i\x00l\x00y\x00 \x001\x005\x00 \x00M\x00o\x00d\x00e\x00l\x00 \x001\x000\x007\x00 \x00S\x00t\x00e\x00p\x00p\x00i\x00n\x00g\x00 \x001\x00,\x00 \x00A\x00u\x00t\x00h\x00e\x00n\x00t\x00i\x00c\x00A\x00M\x00D\x00\x00\x00 ValueName => PROCESSOR_IDENTIFIER |
SUCCESS | 0x00000000 | |
| 09:17:17,721 | 1200 | RegEnumValueW |
Index => 8 Handle => 0x000003c0 Data => 6\x00b\x000\x001\x00\x00\x00 ValueName => PROCESSOR_REVISION |
SUCCESS | 0x00000000 | |
| 09:17:17,721 | 1200 | RegEnumValueW |
Index => 9 Handle => 0x000003c0 Data => 1\x00\x00\x00 ValueName => NUMBER_OF_PROCESSORS |
SUCCESS | 0x00000000 | |
| 09:17:17,721 | 1200 | RegEnumValueW |
Index => 10 Handle => 0x000003c0 Data => .\x00C\x00O\x00M\x00;\x00.\x00E\x00X\x00E\x00;\x00.\x00B\x00A\x00T\x00;\x00.\x00C\x00M\x00D\x00;\x00.\x00V\x00B\x00S\x00;\x00.\x00V\x00B\x00E\x00;\x00.\x00J\x00S\x00;\x00.\x00J\x00S\x00E\x00;\x00.\x00W\x00S\x00F\x00;\x00.\x00W\x00S\x00H\x00\x00\x00 ValueName => PATHEXT |
SUCCESS | 0x00000000 | |
| 09:17:17,721 | 1200 | RegEnumValueW |
Index => 11 Handle => 0x000003c0 Data => %\x00S\x00y\x00s\x00t\x00e\x00m\x00R\x00o\x00o\x00t\x00%\x00\\x00T\x00E\x00M\x00P\x00\x00\x00 ValueName => TEMP |
SUCCESS | 0x00000000 | |
| 09:17:17,721 | 1200 | RegEnumValueW |
Index => 12 Handle => 0x000003c0 Data => %\x00S\x00y\x00s\x00t\x00e\x00m\x00R\x00o\x00o\x00t\x00%\x00\\x00T\x00E\x00M\x00P\x00\x00\x00 ValueName => TMP |
SUCCESS | 0x00000000 | |
| 09:17:17,721 | 1200 | RegEnumValueW |
Index => 0 Handle => 0x000003c0 Data => %\x00S\x00y\x00s\x00t\x00e\x00m\x00R\x00o\x00o\x00t\x00%\x00\\x00s\x00y\x00s\x00t\x00e\x00m\x003\x002\x00\\x00c\x00m\x00d\x00.\x00e\x00x\x00e\x00\x00\x00 ValueName => ComSpec |
SUCCESS | 0x00000000 | |
| 09:17:17,721 | 1200 | RegEnumValueW |
Index => 1 Handle => 0x000003c0 Data => %\x00S\x00y\x00s\x00t\x00e\x00m\x00R\x00o\x00o\x00t\x00%\x00\\x00s\x00y\x00s\x00t\x00e\x00m\x003\x002\x00;\x00%\x00S\x00y\x00s\x00t\x00e\x00m\x00R\x00o\x00o\x00t\x00%\x00;\x00%\x00S\x00y\x00s\x00t\x00e\x00m\x00R\x00o\x00o\x00t\x00%\x00\\x00S\x00y\x00s\x00t\x00e\x00m\x003\x002\x00\\x00W\x00b\x00e\x00m\x00\x00\x00 ValueName => Path |
SUCCESS | 0x00000000 | |
| 09:17:17,721 | 1200 | RegEnumValueW |
Index => 2 Handle => 0x000003c0 Data => %\x00S\x00y\x00s\x00t\x00e\x00m\x00R\x00o\x00o\x00t\x00%\x00\x00\x00 ValueName => windir |
SUCCESS | 0x00000000 | |
| 09:17:17,721 | 1200 | RegEnumValueW |
Index => 3 Handle => 0x000003c0 Data => N\x00O\x00\x00\x00 ValueName => FP_NO_HOST_CHECK |
SUCCESS | 0x00000000 | |
| 09:17:17,721 | 1200 | RegEnumValueW |
Index => 4 Handle => 0x000003c0 Data => W\x00i\x00n\x00d\x00o\x00w\x00s\x00_\x00N\x00T\x00\x00\x00 ValueName => OS |
SUCCESS | 0x00000000 | |
| 09:17:17,721 | 1200 | RegEnumValueW |
Index => 5 Handle => 0x000003c0 Data => x\x008\x006\x00\x00\x00 ValueName => PROCESSOR_ARCHITECTURE |
SUCCESS | 0x00000000 | |
| 09:17:17,721 | 1200 | RegEnumValueW |
Index => 6 Handle => 0x000003c0 Data => 1\x005\x00\x00\x00 ValueName => PROCESSOR_LEVEL |
SUCCESS | 0x00000000 | |
| 09:17:17,721 | 1200 | RegEnumValueW |
Index => 7 Handle => 0x000003c0 Data => x\x008\x006\x00 \x00F\x00a\x00m\x00i\x00l\x00y\x00 \x001\x005\x00 \x00M\x00o\x00d\x00e\x00l\x00 \x001\x000\x007\x00 \x00S\x00t\x00e\x00p\x00p\x00i\x00n\x00g\x00 \x001\x00,\x00 \x00A\x00u\x00t\x00h\x00e\x00n\x00t\x00i\x00c\x00A\x00M\x00D\x00\x00\x00 ValueName => PROCESSOR_IDENTIFIER |
SUCCESS | 0x00000000 | |
| 09:17:17,721 | 1200 | RegEnumValueW |
Index => 8 Handle => 0x000003c0 Data => 6\x00b\x000\x001\x00\x00\x00 ValueName => PROCESSOR_REVISION |
SUCCESS | 0x00000000 | |
| 09:17:17,721 | 1200 | RegEnumValueW |
Index => 9 Handle => 0x000003c0 Data => 1\x00\x00\x00 ValueName => NUMBER_OF_PROCESSORS |
SUCCESS | 0x00000000 | |
| 09:17:17,721 | 1200 | RegEnumValueW |
Index => 10 Handle => 0x000003c0 Data => .\x00C\x00O\x00M\x00;\x00.\x00E\x00X\x00E\x00;\x00.\x00B\x00A\x00T\x00;\x00.\x00C\x00M\x00D\x00;\x00.\x00V\x00B\x00S\x00;\x00.\x00V\x00B\x00E\x00;\x00.\x00J\x00S\x00;\x00.\x00J\x00S\x00E\x00;\x00.\x00W\x00S\x00F\x00;\x00.\x00W\x00S\x00H\x00\x00\x00 ValueName => PATHEXT |
SUCCESS | 0x00000000 | |
| 09:17:17,721 | 1200 | RegEnumValueW |
Index => 11 Handle => 0x000003c0 Data => %\x00S\x00y\x00s\x00t\x00e\x00m\x00R\x00o\x00o\x00t\x00%\x00\\x00T\x00E\x00M\x00P\x00\x00\x00 ValueName => TEMP |
SUCCESS | 0x00000000 | |
| 09:17:17,721 | 1200 | RegEnumValueW |
Index => 12 Handle => 0x000003c0 Data => %\x00S\x00y\x00s\x00t\x00e\x00m\x00R\x00o\x00o\x00t\x00%\x00\\x00T\x00E\x00M\x00P\x00\x00\x00 ValueName => TMP |
SUCCESS | 0x00000000 | |
| 09:17:17,721 | 1200 | RegCloseKey |
Handle => 0x000003c0 |
SUCCESS | 0x00000000 | |
| 09:17:17,721 | 1200 | NtOpenKey |
DesiredAccess => 131097 KeyHandle => 0x000003c0 ObjectAttributes => \Registry\Machine\System\CurrentControlSet\Control\ComputerName |
SUCCESS | 0x00000000 | |
| 09:17:17,721 | 1200 | NtOpenKey |
DesiredAccess => 131097 KeyHandle => 0x000003c4 ObjectAttributes => ActiveComputerName |
SUCCESS | 0x00000000 | |
| 09:17:17,721 | 1200 | NtQueryValueKey |
Information => T\x00U\x00R\x00B\x00O\x00P\x00C\x00\x00\x00 KeyHandle => 0x000003c4 ValueName => ComputerName Type => 1 |
SUCCESS | 0x00000000 | |
| 09:17:17,721 | 1200 | RegOpenKeyExW |
Handle => 0x000003c0 Registry => 0x80000002 SubKey => Software\Microsoft\Windows NT\CurrentVersion\ProfileList |
SUCCESS | 0x00000000 | |
| 09:17:17,721 | 1200 | RegQueryValueExW |
Handle => 0x000003c0 Data => %\x00S\x00y\x00s\x00t\x00e\x00m\x00D\x00r\x00i\x00v\x00e\x00%\x00\\x00D\x00o\x00c\x00u\x00m\x00e\x00n\x00t\x00s\x00 \x00a\x00n\x00d\x00 \x00S\x00e\x00t\x00t\x00i\x00n\x00g\x00s\x00\x00\x00 ValueName => ProfilesDirectory |
SUCCESS | 0x00000000 | |
| 09:17:17,721 | 1200 | RegCloseKey |
Handle => 0x000003c0 |
SUCCESS | 0x00000000 | |
| 09:17:17,721 | 1200 | RegOpenKeyExW |
Handle => 0x000003c0 Registry => 0x80000002 SubKey => Software\Microsoft\Windows NT\CurrentVersion\ProfileList |
SUCCESS | 0x00000000 | |
| 09:17:17,721 | 1200 | RegQueryValueExW |
Handle => 0x000003c0 Data => D\x00e\x00f\x00a\x00u\x00l\x00t\x00 \x00U\x00s\x00e\x00r\x00\x00\x00 ValueName => DefaultUserProfile |
SUCCESS | 0x00000000 | |
| 09:17:17,721 | 1200 | RegCloseKey |
Handle => 0x000003c0 |
SUCCESS | 0x00000000 | |
| 09:17:17,721 | 1200 | RegOpenKeyExW |
Handle => 0x000003c0 Registry => 0x80000002 SubKey => Software\Microsoft\Windows\CurrentVersion |
SUCCESS | 0x00000000 | |
| 09:17:17,721 | 1200 | RegQueryValueExW |
Handle => 0x000003c0 Data => C\x00:\x00\\x00P\x00r\x00o\x00g\x00r\x00a\x00m\x00 \x00F\x00i\x00l\x00e\x00s\x00\x00\x00 ValueName => ProgramFilesDir |
SUCCESS | 0x00000000 | |
| 09:17:17,721 | 1200 | RegQueryValueExW |
Handle => 0x000003c0 Data => C\x00:\x00\\x00P\x00r\x00o\x00g\x00r\x00a\x00m\x00 \x00F\x00i\x00l\x00e\x00s\x00\\x00C\x00o\x00m\x00m\x00o\x00n\x00 \x00F\x00i\x00l\x00e\x00s\x00\x00\x00 ValueName => CommonFilesDir |
SUCCESS | 0x00000000 | |
| 09:17:17,721 | 1200 | RegCloseKey |
Handle => 0x000003c0 |
SUCCESS | 0x00000000 | |
| 09:17:17,721 | 1200 | RegOpenKeyExW |
Handle => 0x000003c0 Registry => 0x80000003 SubKey => S-1-5-21-1935655697-1606980848-1060284298-1003 |
SUCCESS | 0x00000000 | |
| 09:17:17,721 | 1200 | LdrLoadDll |
Flags => 36237944 BaseAddress => 0x77fe0000 FileName => secur32.dll |
SUCCESS | 0x00000000 | |
| 09:17:17,721 | 1200 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => GetUserNameExW FunctionAddress => 0x77fe1c70 ModuleHandle => 0x77fe0000 |
SUCCESS | 0x00000000 | |
| 09:17:17,721 | 1200 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => GetComputerObjectNameW FunctionAddress => 0x77febed4 ModuleHandle => 0x77fe0000 |
SUCCESS | 0x00000000 | |
| 09:17:17,721 | 1200 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => TranslateNameW FunctionAddress => 0x77fec06b ModuleHandle => 0x77fe0000 |
SUCCESS | 0x00000000 | |
| 09:17:17,721 | 1200 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => AcceptSecurityContext FunctionAddress => 0x77fe5351 ModuleHandle => 0x77fe0000 |
SUCCESS | 0x00000000 | |
| 09:17:17,721 | 1200 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => AcquireCredentialsHandleW FunctionAddress => 0x77fe3103 ModuleHandle => 0x77fe0000 |
SUCCESS | 0x00000000 | |
| 09:17:17,721 | 1200 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => DeleteSecurityContext FunctionAddress => 0x77fe2d0d ModuleHandle => 0x77fe0000 |
SUCCESS | 0x00000000 | |
| 09:17:17,721 | 1200 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => FreeContextBuffer FunctionAddress => 0x77fe287e ModuleHandle => 0x77fe0000 |
SUCCESS | 0x00000000 | |
| 09:17:17,731 | 1200 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => FreeCredentialsHandle FunctionAddress => 0x77fe2b91 ModuleHandle => 0x77fe0000 |
SUCCESS | 0x00000000 | |
| 09:17:17,731 | 1200 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => InitializeSecurityContextW FunctionAddress => 0x77fe5bd3 ModuleHandle => 0x77fe0000 |
SUCCESS | 0x00000000 | |
| 09:17:17,731 | 1200 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => QuerySecurityContextToken FunctionAddress => 0x77fea43b ModuleHandle => 0x77fe0000 |
SUCCESS | 0x00000000 | |
| 09:17:17,731 | 1200 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => QuerySecurityPackageInfoW FunctionAddress => 0x77fe386c ModuleHandle => 0x77fe0000 |
SUCCESS | 0x00000000 | |
| 09:17:17,731 | 1200 | LdrLoadDll |
Flags => 36237420 BaseAddress => 0x5b860000 FileName => netapi32.dll |
SUCCESS | 0x00000000 | |
| 09:17:17,731 | 1200 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => DsGetDcNameW FunctionAddress => 0x5b86d189 ModuleHandle => 0x5b860000 |
SUCCESS | 0x00000000 | |
| 09:17:17,731 | 1200 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => DsGetSiteNameW FunctionAddress => 0x5b87299f ModuleHandle => 0x5b860000 |
SUCCESS | 0x00000000 | |
| 09:17:17,731 | 1200 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => DsRoleGetPrimaryDomainInformation FunctionAddress => 0x5b86cfdd ModuleHandle => 0x5b860000 |
SUCCESS | 0x00000000 | |
| 09:17:17,731 | 1200 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => DsRoleFreeMemory FunctionAddress => 0x5b86cedd ModuleHandle => 0x5b860000 |
SUCCESS | 0x00000000 | |
| 09:17:17,731 | 1200 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => NetApiBufferFree FunctionAddress => 0x5b867a00 ModuleHandle => 0x5b860000 |
SUCCESS | 0x00000000 | |
| 09:17:17,731 | 1200 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => NetUserGetGroups FunctionAddress => 0x5b894df0 ModuleHandle => 0x5b860000 |
SUCCESS | 0x00000000 | |
| 09:17:17,731 | 1200 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => NetUserGetInfo FunctionAddress => 0x5b86acf1 ModuleHandle => 0x5b860000 |
SUCCESS | 0x00000000 | |
| 09:17:17,731 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => PIPE\lsarpc DesiredAccess => 0xc0100080 CreateDisposition => 1 FileHandle => 0x000003d0 |
SUCCESS | 0x00000000 | |
| 09:17:17,731 | 1200 | NtSetInformationFile |
FileHandle => 0x000003d0 FileInformation => |
SUCCESS | 0x00000000 | 1 time |
| 09:17:17,731 | 1200 | NtWriteFile |
Buffer => \x05\x00\x0b\x03\x10\x00\x00\x00H\x00\x00\x00\x01\x00\x00\x00\xb8\x10\xb8\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x01\x00j(\x199\x0c\xb1\xd0\x11\x9b\xa8\x00\xc0O\xd9.\xf5\x00\x00\x00\x00\x04]\x88\x8a\xeb\x1c\xc9\x11\x9f\xe8\x08\x00+\x10H`\x02\x00\x00\x00 FileHandle => 0x000003d0 |
SUCCESS | 0x00000000 | |
| 09:17:17,731 | 1200 | NtReadFile |
Buffer => \x05\x00\x0c\x03\x10\x00\x00\x00D\x00\x00\x00\x01\x00\x00\x00\xb8\x10\xb8\x10\xa6E\x00\x00\x0c\x00\PIPE\lsass\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x04]\x88\x8a\xeb\x1c\xc9\x11\x9f\xe8\x08\x00+\x10H`\x02\x00\x00\x00 FileHandle => 0x000003d0 |
SUCCESS | 0x00000000 | |
| 09:17:17,731 | 1200 | RegOpenKeyExW |
Handle => 0x000003d0 Registry => 0x80000002 SubKey => Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1935655697-1606980848-1060284298-1003 |
SUCCESS | 0x00000000 | |
| 09:17:17,731 | 1200 | RegQueryValueExW |
Handle => 0x000003d0 Data => %\x00S\x00y\x00s\x00t\x00e\x00m\x00D\x00r\x00i\x00v\x00e\x00%\x00\\x00D\x00o\x00c\x00u\x00m\x00e\x00n\x00t\x00s\x00 \x00a\x00n\x00d\x00 \x00S\x00e\x00t\x00t\x00i\x00n\x00g\x00s\x00\\x00T\x00D\x00W\x00\x00\x00 ValueName => ProfileImagePath |
SUCCESS | 0x00000000 | |
| 09:17:17,731 | 1200 | RegCloseKey |
Handle => 0x000003d0 |
SUCCESS | 0x00000000 | |
| 09:17:17,731 | 1200 | RegCreateKeyExW |
Handle => 0x000003d0 Access => 131103 Registry => 0x000003c0 Class => SubKey => Software\Microsoft\Windows NT\CurrentVersion\Winlogon |
SUCCESS | 0x00000000 | |
| 09:17:17,731 | 1200 | RegQueryValueExW |
Handle => 0x000003d0 Data => 1\x00\x00\x00 ValueName => ParseAutoexec |
SUCCESS | 0x00000000 | |
| 09:17:17,731 | 1200 | RegCloseKey |
Handle => 0x000003d0 |
SUCCESS | 0x00000000 | |
| 09:17:17,731 | 1200 | NtCreateFile |
ShareAccess => 1 FileName => c:\autoexec.bat DesiredAccess => 0x80100080 CreateDisposition => 1 FileHandle => 0x000003d0 |
SUCCESS | 0x00000000 | |
| 09:17:17,731 | 1200 | NtQueryInformationFile |
FileHandle => 0x000003d0 FileInformation => \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 09:17:17,731 | 1200 | NtReadFile |
Buffer => FileHandle => 0x000003d0 |
SUCCESS | 0x00000000 | |
| 09:17:17,731 | 1200 | RegOpenKeyExW |
Handle => 0x000003d0 Registry => 0x000003c0 SubKey => Environment |
SUCCESS | 0x00000000 | |
| 09:17:17,731 | 1200 | RegEnumValueW |
Index => 0 Handle => 0x000003d0 Data => %\x00U\x00S\x00E\x00R\x00P\x00R\x00O\x00F\x00I\x00L\x00E\x00%\x00\\x00L\x00o\x00c\x00a\x00l\x00 \x00S\x00e\x00t\x00t\x00i\x00n\x00g\x00s\x00\\x00T\x00e\x00m\x00p\x00\x00\x00 ValueName => TEMP |
SUCCESS | 0x00000000 | |
| 09:17:17,731 | 1200 | RegEnumValueW |
Index => 1 Handle => 0x000003d0 Data => %\x00U\x00S\x00E\x00R\x00P\x00R\x00O\x00F\x00I\x00L\x00E\x00%\x00\\x00L\x00o\x00c\x00a\x00l\x00 \x00S\x00e\x00t\x00t\x00i\x00n\x00g\x00s\x00\\x00T\x00e\x00m\x00p\x00\x00\x00 ValueName => TMP |
SUCCESS | 0x00000000 | |
| 09:17:17,741 | 1200 | RegEnumValueW |
Index => 2 Handle => 0x000003d0 DataLength => 4096 ValueName => TMP Type => 36237580 |
FAILURE | 0x00000103 | |
| 09:17:17,741 | 1200 | RegEnumValueW |
Index => 0 Handle => 0x000003d0 Data => %\x00U\x00S\x00E\x00R\x00P\x00R\x00O\x00F\x00I\x00L\x00E\x00%\x00\\x00L\x00o\x00c\x00a\x00l\x00 \x00S\x00e\x00t\x00t\x00i\x00n\x00g\x00s\x00\\x00T\x00e\x00m\x00p\x00\x00\x00 ValueName => TEMP |
SUCCESS | 0x00000000 | |
| 09:17:17,741 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings |
SUCCESS | 0x00243480 | |
| 09:17:17,741 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Local Settings |
SUCCESS | 0x00243480 | |
| 09:17:17,741 | 1200 | RegEnumValueW |
Index => 1 Handle => 0x000003d0 Data => %\x00U\x00S\x00E\x00R\x00P\x00R\x00O\x00F\x00I\x00L\x00E\x00%\x00\\x00L\x00o\x00c\x00a\x00l\x00 \x00S\x00e\x00t\x00t\x00i\x00n\x00g\x00s\x00\\x00T\x00e\x00m\x00p\x00\x00\x00 ValueName => TMP |
SUCCESS | 0x00000000 | |
| 09:17:17,741 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings |
SUCCESS | 0x00243480 | |
| 09:17:17,741 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Local Settings |
SUCCESS | 0x00243480 | |
| 09:17:17,741 | 1200 | RegEnumValueW |
Index => 2 Handle => 0x000003d0 DataLength => 4096 ValueName => TMP Type => 36237580 |
FAILURE | 0x00000103 | |
| 09:17:17,741 | 1200 | RegCloseKey |
Handle => 0x000003d0 |
SUCCESS | 0x00000000 | |
| 09:17:17,741 | 1200 | RegOpenKeyExW |
Handle => 0x000003d0 Registry => 0x000003c0 SubKey => Volatile Environment |
SUCCESS | 0x00000000 | |
| 09:17:17,741 | 1200 | RegEnumValueW |
Index => 0 Handle => 0x000003d0 Data => \\x00\\x00T\x00U\x00R\x00B\x00O\x00P\x00C\x00\x00\x00 ValueName => LOGONSERVER |
SUCCESS | 0x00000000 | |
| 09:17:17,741 | 1200 | RegEnumValueW |
Index => 1 Handle => 0x000003d0 Data => C\x00o\x00n\x00s\x00o\x00l\x00e\x00\x00\x00 ValueName => CLIENTNAME |
SUCCESS | 0x00000000 | |
| 09:17:17,741 | 1200 | RegEnumValueW |
Index => 2 Handle => 0x000003d0 Data => C\x00o\x00n\x00s\x00o\x00l\x00e\x00\x00\x00 ValueName => SESSIONNAME |
SUCCESS | 0x00000000 | |
| 09:17:17,741 | 1200 | RegEnumValueW |
Index => 3 Handle => 0x000003d0 Data => C\x00:\x00\\x00D\x00o\x00c\x00u\x00m\x00e\x00n\x00t\x00s\x00 \x00a\x00n\x00d\x00 \x00S\x00e\x00t\x00t\x00i\x00n\x00g\x00s\x00\\x00T\x00D\x00W\x00\\x00A\x00p\x00p\x00l\x00i\x00c\x00a\x00t\x00i\x00o\x00n\x00 \x00D\x00a\x00t\x00a\x00\x00\x00 ValueName => APPDATA |
SUCCESS | 0x00000000 | |
| 09:17:17,741 | 1200 | RegEnumValueW |
Index => 4 Handle => 0x000003d0 Data => C\x00:\x00\x00\x00 ValueName => HOMEDRIVE |
SUCCESS | 0x00000000 | |
| 09:17:17,741 | 1200 | RegEnumValueW |
Index => 5 Handle => 0x000003d0 Data => \x00\x00 ValueName => HOMESHARE |
SUCCESS | 0x00000000 | |
| 09:17:17,741 | 1200 | RegEnumValueW |
Index => 6 Handle => 0x000003d0 Data => \\x00D\x00o\x00c\x00u\x00m\x00e\x00n\x00t\x00s\x00 \x00a\x00n\x00d\x00 \x00S\x00e\x00t\x00t\x00i\x00n\x00g\x00s\x00\\x00T\x00D\x00W\x00\x00\x00 ValueName => HOMEPATH |
SUCCESS | 0x00000000 | |
| 09:17:17,741 | 1200 | RegEnumValueW |
Index => 7 Handle => 0x000003d0 DataLength => 4096 ValueName => HOMEPATH Type => 36237580 |
FAILURE | 0x00000103 | |
| 09:17:17,741 | 1200 | RegEnumValueW |
Index => 0 Handle => 0x000003d0 Data => \\x00\\x00T\x00U\x00R\x00B\x00O\x00P\x00C\x00\x00\x00 ValueName => LOGONSERVER |
SUCCESS | 0x00000000 | |
| 09:17:17,741 | 1200 | RegEnumValueW |
Index => 1 Handle => 0x000003d0 Data => C\x00o\x00n\x00s\x00o\x00l\x00e\x00\x00\x00 ValueName => CLIENTNAME |
SUCCESS | 0x00000000 | |
| 09:17:17,741 | 1200 | RegEnumValueW |
Index => 2 Handle => 0x000003d0 Data => C\x00o\x00n\x00s\x00o\x00l\x00e\x00\x00\x00 ValueName => SESSIONNAME |
SUCCESS | 0x00000000 | |
| 09:17:17,741 | 1200 | RegEnumValueW |
Index => 3 Handle => 0x000003d0 Data => C\x00:\x00\\x00D\x00o\x00c\x00u\x00m\x00e\x00n\x00t\x00s\x00 \x00a\x00n\x00d\x00 \x00S\x00e\x00t\x00t\x00i\x00n\x00g\x00s\x00\\x00T\x00D\x00W\x00\\x00A\x00p\x00p\x00l\x00i\x00c\x00a\x00t\x00i\x00o\x00n\x00 \x00D\x00a\x00t\x00a\x00\x00\x00 ValueName => APPDATA |
SUCCESS | 0x00000000 | |
| 09:17:17,741 | 1200 | RegEnumValueW |
Index => 4 Handle => 0x000003d0 Data => C\x00:\x00\x00\x00 ValueName => HOMEDRIVE |
SUCCESS | 0x00000000 | |
| 09:17:17,741 | 1200 | RegEnumValueW |
Index => 5 Handle => 0x000003d0 Data => \x00\x00 ValueName => HOMESHARE |
SUCCESS | 0x00000000 | |
| 09:17:17,741 | 1200 | RegEnumValueW |
Index => 6 Handle => 0x000003d0 Data => \\x00D\x00o\x00c\x00u\x00m\x00e\x00n\x00t\x00s\x00 \x00a\x00n\x00d\x00 \x00S\x00e\x00t\x00t\x00i\x00n\x00g\x00s\x00\\x00T\x00D\x00W\x00\x00\x00 ValueName => HOMEPATH |
SUCCESS | 0x00000000 | |
| 09:17:17,741 | 1200 | RegEnumValueW |
Index => 7 Handle => 0x000003d0 DataLength => 4096 ValueName => HOMEPATH Type => 36237580 |
FAILURE | 0x00000103 | |
| 09:17:17,741 | 1200 | RegCloseKey |
Handle => 0x000003d0 |
SUCCESS | 0x00000000 | |
| 09:17:17,741 | 1200 | RegCloseKey |
Handle => 0x000003c0 |
SUCCESS | 0x00000000 | |
| 09:17:17,741 | 1200 | NtFreeVirtualMemory |
FreeType => 0x00008000 ProcessHandle => 0xffffffff RegionSize => 0x00001000 BaseAddress => 0x02170000 |
SUCCESS | 0x00000000 | |
| 09:17:17,741 | 1200 | RegCloseKey |
Handle => 0x000003bc |
SUCCESS | 0x00000000 | |
| 09:17:17,741 | 1200 | RegOpenKeyExW |
Handle => 0x000003b8 Registry => 0x80000003 SubKey => S-1-5-21-1935655697-1606980848-1060284298-1003 |
SUCCESS | 0x00000000 | |
| 09:17:17,741 | 1200 | RegOpenKeyExW |
Handle => 0x000003bc Registry => 0x000003b8 SubKey => Software\Microsoft\SystemCertificates\MY |
SUCCESS | 0x00000000 | |
| 09:17:17,741 | 1200 | RegCloseKey |
Handle => 0x000003b8 |
SUCCESS | 0x00000000 | |
| 09:17:17,741 | 1200 | RegOpenKeyExW |
Handle => 0x000003b8 Registry => 0x000003bc SubKey => |
SUCCESS | 0x00000000 | |
| 09:17:17,741 | 1200 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x000003b8 SubKey => Certificates |
FAILURE | 0x00000002 | |
| 09:17:17,741 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Microsoft\SystemCertificates\My\Certificates\* |
SUCCESS | 0x00243480 | |
| 09:17:17,741 | 1200 | NtQueryDirectoryFile |
FileName => FileHandle => 0x000003c0 FileInformation => \x00\x00\x00\x00\x00\x00\x00\x00p\x03]\xb9\xd5I\xcd\x01p\xf7\xddf\xe8\x91\xcf\x01`\xb0M2oI\xcd\x01PKl\xb9\xd5I\xcd\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x14\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00.\x00.\x00 |
SUCCESS | 0x00000000 | |
| 09:17:17,741 | 1200 | NtQueryDirectoryFile |
FileName => FileHandle => 0x000003c0 FileInformation => |
FAILURE | 2147483654 | |
| 09:17:17,741 | 1200 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x000003b8 SubKey => CRLs |
FAILURE | 0x00000002 | |
| 09:17:17,741 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Microsoft\SystemCertificates\My\CRLs\* |
SUCCESS | 0x00243480 | |
| 09:17:17,741 | 1200 | NtQueryDirectoryFile |
FileName => FileHandle => 0x000003c0 FileInformation => \x00\x00\x00\x00\x00\x00\x00\x00p\x03]\xb9\xd5I\xcd\x01p\xf7\xddf\xe8\x91\xcf\x01`\xb0M2oI\xcd\x01PKl\xb9\xd5I\xcd\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x14\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00.\x00.\x00 |
SUCCESS | 0x00000000 | |
| 09:17:17,751 | 1200 | NtQueryDirectoryFile |
FileName => FileHandle => 0x000003c0 FileInformation => |
FAILURE | 2147483654 | |
| 09:17:17,751 | 1200 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x000003b8 SubKey => CTLs |
FAILURE | 0x00000002 | |
| 09:17:17,751 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Microsoft\SystemCertificates\My\CTLs\* |
SUCCESS | 0x00243480 | |
| 09:17:17,751 | 1200 | NtQueryDirectoryFile |
FileName => FileHandle => 0x000003c0 FileInformation => \x00\x00\x00\x00\x00\x00\x00\x00p\x03]\xb9\xd5I\xcd\x01p\xf7\xddf\xe8\x91\xcf\x01`\xb0M2oI\xcd\x01PKl\xb9\xd5I\xcd\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x14\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00.\x00.\x00 |
SUCCESS | 0x00000000 | |
| 09:17:17,751 | 1200 | NtQueryDirectoryFile |
FileName => FileHandle => 0x000003c0 FileInformation => |
FAILURE | 2147483654 | |
| 09:17:17,751 | 1200 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x000003b8 SubKey => Keys |
FAILURE | 0x00000002 | |
| 09:17:17,751 | 1200 | RegCloseKey |
Handle => 0x000003bc |
SUCCESS | 0x00000000 | |
| 09:17:17,751 | 1200 | LdrLoadDll |
Flags => 36239648 BaseAddress => 0x76c30000 FileName => wintrust.dll |
SUCCESS | 0x00000000 | |
| 09:17:17,751 | 1200 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => WinVerifyTrust FunctionAddress => 0x76c32f2c ModuleHandle => 0x76c30000 |
SUCCESS | 0x00000000 | |
| 09:17:17,751 | 1200 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => WTHelperProvDataFromStateData FunctionAddress => 0x76c416e6 ModuleHandle => 0x76c30000 |
SUCCESS | 0x00000000 | |
| 09:17:17,751 | 1200 | LdrLoadDll |
Flags => 36239532 BaseAddress => 0x77c00000 FileName => VERSION.dll |
SUCCESS | 0x00000000 | |
| 09:17:17,751 | 1200 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => GetFileVersionInfoSizeA FunctionAddress => 0x77c019ef ModuleHandle => 0x77c00000 |
SUCCESS | 0x00000000 | |
| 09:17:17,751 | 1200 | LdrGetDllHandle |
ModuleHandle => 0x76c30000 FileName => C:\WINDOWS\system32\wintrust.dll |
SUCCESS | 0x00000000 | |
| 09:17:17,751 | 1200 | LdrLoadDll |
Flags => 36239576 BaseAddress => 0x76c30000 FileName => C:\WINDOWS\system32\wintrust.dll |
SUCCESS | 0x00000000 | |
| 09:17:17,751 | 1200 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => GetFileVersionInfoA FunctionAddress => 0x77c01a40 ModuleHandle => 0x77c00000 |
SUCCESS | 0x00000000 | |
| 09:17:17,751 | 1200 | LdrGetDllHandle |
ModuleHandle => 0x76c30000 FileName => C:\WINDOWS\system32\wintrust.dll |
SUCCESS | 0x00000000 | |
| 09:17:17,751 | 1200 | LdrLoadDll |
Flags => 36237596 BaseAddress => 0x76c30000 FileName => C:\WINDOWS\system32\wintrust.dll |
SUCCESS | 0x00000000 | |
| 09:17:17,751 | 1200 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => VerQueryValueA FunctionAddress => 0x77c018aa ModuleHandle => 0x77c00000 |
SUCCESS | 0x00000000 | |
| 09:17:17,751 | 1200 | LdrLoadDll |
Flags => 36239948 BaseAddress => 0x767f0000 FileName => schannel |
SUCCESS | 0x00000000 | |
| 09:17:17,751 | 1200 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => InitSecurityInterfaceA FunctionAddress => 0x77fe6a3c ModuleHandle => 0x767f0000 |
SUCCESS | 0x00000000 | |
| 09:17:17,751 | 1200 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => SslCrackCertificate FunctionAddress => 0x767f2e31 ModuleHandle => 0x767f0000 |
SUCCESS | 0x00000000 | |
| 09:17:17,751 | 1200 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => SslFreeCertificate FunctionAddress => 0x767f2e0c ModuleHandle => 0x767f0000 |
SUCCESS | 0x00000000 | |
| 09:17:17,751 | 1200 | LdrGetDllHandle |
ModuleHandle => 0x77a80000 FileName => crypt32 |
SUCCESS | 0x00000000 | |
| 09:17:17,751 | 1200 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CryptInstallDefaultContext FunctionAddress => 0x77abcb30 ModuleHandle => 0x77a80000 |
SUCCESS | 0x00000000 | |
| 09:17:17,751 | 1200 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CryptUninstallDefaultContext FunctionAddress => 0x77abcc94 ModuleHandle => 0x77a80000 |
SUCCESS | 0x00000000 | |
| 09:17:17,751 | 1200 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CertFindChainInStore FunctionAddress => 0x77ac0d1e ModuleHandle => 0x77a80000 |
SUCCESS | 0x00000000 | |
| 09:17:17,751 | 1200 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CertFreeCertificateChain FunctionAddress => 0x77a9b041 ModuleHandle => 0x77a80000 |
SUCCESS | 0x00000000 | |
| 09:17:17,751 | 1200 | RegOpenKeyExW |
Handle => 0x000003dc Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings |
SUCCESS | 0x00000000 | |
| 09:17:17,751 | 1200 | RegQueryValueExW |
Handle => 0x000003dc DataLength => 4 ValueName => Security_HKLM_only Type => 36239448 |
FAILURE | 0x00000002 | |
| 09:17:17,751 | 1200 | RegCloseKey |
Handle => 0x000003dc |
SUCCESS | 0x00000000 | |
| 09:17:17,751 | 1200 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl |
FAILURE | 0x00000002 | |
| 09:17:17,751 | 1200 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl |
FAILURE | 0x00000002 | |
| 09:17:17,751 | 1200 | RegOpenKeyExW |
Handle => 0x000003dc Registry => 0x80000002 SubKey => Software\Microsoft\Internet Explorer\Main\FeatureControl |
SUCCESS | 0x00000000 | |
| 09:17:17,751 | 1200 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Microsoft\Internet Explorer\Main\FeatureControl |
FAILURE | 0x00000002 | |
| 09:17:17,751 | 1200 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x000003dc SubKey => FEATURE_HTTP_USERNAME_PASSWORD_DISABLE |
FAILURE | 0x00000002 | |
| 09:17:17,751 | 1200 | RegCloseKey |
Handle => 0x00000000 |
FAILURE | 0x00000006 | 1 time |
| 09:17:17,761 | 1200 | RegCloseKey |
Handle => 0x000003dc |
SUCCESS | 0x00000000 | |
| 09:17:17,761 | 1200 | RegCloseKey |
Handle => 0x00000000 |
FAILURE | 0x00000006 | |
| 09:17:17,761 | 1200 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => HttpAddRequestHeadersA FunctionAddress => 0x771c40ca ModuleHandle => 0x771b0000 |
SUCCESS | 0x00000000 | |
| 09:17:17,761 | 1200 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => HttpSendRequestA FunctionAddress => 0x771c60a1 ModuleHandle => 0x771b0000 |
SUCCESS | 0x00000000 | |
| 09:17:17,761 | 1200 | LdrGetDllHandle |
ModuleHandle => 0x7c800000 FileName => KERNEL32.DLL |
SUCCESS | 0x00000000 | |
| 09:17:17,761 | 1200 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => QueueUserWorkItem FunctionAddress => 0x7c830a52 ModuleHandle => 0x7c800000 |
SUCCESS | 0x00000000 | |
| 09:17:17,791 | 1200 | LdrLoadDll |
Flags => 36240876 BaseAddress => 0x76ee0000 FileName => RASAPI32.DLL |
SUCCESS | 0x00000000 | |
| 09:17:17,791 | 1200 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => RasDialW FunctionAddress => 0x76ef68db ModuleHandle => 0x76ee0000 |
SUCCESS | 0x00000000 | |
| 09:17:17,791 | 1200 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => RasHangUpW FunctionAddress => 0x76ee8bcd ModuleHandle => 0x76ee0000 |
SUCCESS | 0x00000000 | |
| 09:17:17,811 | 1200 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => RasEnumEntriesW FunctionAddress => 0x76ee3ce9 ModuleHandle => 0x76ee0000 |
SUCCESS | 0x00000000 | |
| 09:17:17,811 | 1200 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => RasGetEntryDialParamsW FunctionAddress => 0x76ee7ad0 ModuleHandle => 0x76ee0000 |
SUCCESS | 0x00000000 | |
| 09:17:17,811 | 1200 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => RasSetEntryDialParamsW FunctionAddress => 0x76ee917c ModuleHandle => 0x76ee0000 |
SUCCESS | 0x00000000 | |
| 09:17:17,811 | 1200 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => RasEditPhonebookEntryW FunctionAddress => 0x76ee6839 ModuleHandle => 0x76ee0000 |
SUCCESS | 0x00000000 | |
| 09:17:17,811 | 1200 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => RasCreatePhonebookEntryW FunctionAddress => 0x76ee6767 ModuleHandle => 0x76ee0000 |
SUCCESS | 0x00000000 | |
| 09:17:17,811 | 1200 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => RasGetErrorStringW FunctionAddress => 0x76ee7d38 ModuleHandle => 0x76ee0000 |
SUCCESS | 0x00000000 | |
| 09:17:17,811 | 1200 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => RasGetConnectStatusW FunctionAddress => 0x76ee70cb ModuleHandle => 0x76ee0000 |
SUCCESS | 0x00000000 | |
| 09:17:17,811 | 1200 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => RasEnumConnectionsW FunctionAddress => 0x76ee2520 ModuleHandle => 0x76ee0000 |
SUCCESS | 0x00000000 | |
| 09:17:17,811 | 1200 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => RasGetEntryPropertiesW FunctionAddress => 0x76ee9a5b ModuleHandle => 0x76ee0000 |
SUCCESS | 0x00000000 | |
| 09:17:17,811 | 1200 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => RasGetCredentialsW FunctionAddress => 0x76eeacb1 ModuleHandle => 0x76ee0000 |
SUCCESS | 0x00000000 | |
| 09:17:17,811 | 1200 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => RasSetCredentialsW FunctionAddress => 0x76eeb078 ModuleHandle => 0x76ee0000 |
SUCCESS | 0x00000000 | |
| 09:17:17,811 | 1200 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => RasGetAutodialAddressA FunctionAddress => 0x76eebbe0 ModuleHandle => 0x76ee0000 |
SUCCESS | 0x00000000 | |
| 09:17:17,811 | 1200 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => RasSetAutodialAddressA FunctionAddress => 0x76eec044 ModuleHandle => 0x76ee0000 |
SUCCESS | 0x00000000 | |
| 09:17:17,811 | 1200 | LdrLoadDll |
Flags => 36240724 BaseAddress => 0x76e80000 FileName => RTUTILS.DLL |
SUCCESS | 0x00000000 | |
| 09:17:17,811 | 1200 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => TraceRegisterExA FunctionAddress => 0x76e8212f ModuleHandle => 0x76e80000 |
SUCCESS | 0x00000000 | |
| 09:17:17,811 | 1200 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => TraceDeregisterA FunctionAddress => 0x76e83ff9 ModuleHandle => 0x76e80000 |
SUCCESS | 0x00000000 | |
| 09:17:17,811 | 1200 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => TraceDeregisterExA FunctionAddress => 0x76e82d77 ModuleHandle => 0x76e80000 |
SUCCESS | 0x00000000 | |
| 09:17:17,811 | 1200 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => TracePrintfA FunctionAddress => 0x76e81aad ModuleHandle => 0x76e80000 |
SUCCESS | 0x00000000 | |
| 09:17:17,811 | 1200 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => TracePrintfExA FunctionAddress => 0x76e819e2 ModuleHandle => 0x76e80000 |
SUCCESS | 0x00000000 | |
| 09:17:17,811 | 1200 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => TraceDumpExA FunctionAddress => 0x76e8253f ModuleHandle => 0x76e80000 |
SUCCESS | 0x00000000 | |
| 09:17:17,811 | 1200 | RegCreateKeyExA |
Handle => 0x00000418 Access => 983103 Registry => 0x80000002 Class => SubKey => Software\Microsoft\Tracing |
SUCCESS | 0x00000000 | |
| 09:17:17,811 | 1200 | RegQueryValueExA |
Handle => 0x00000418 Data => 0 ValueName => EnableConsoleTracing |
SUCCESS | 0x00000000 | |
| 09:17:17,821 | 1200 | RegCloseKey |
Handle => 0x00000418 |
SUCCESS | 0x00000000 | |
| 09:17:17,821 | 1200 | RegOpenKeyExA |
Handle => 0x00000420 Registry => 0x80000002 SubKey => Software\Microsoft\Tracing\RASAPI32 |
SUCCESS | 0x00000000 | |
| 09:17:17,821 | 1200 | RegQueryValueExA |
Handle => 0x00000420 Data => 0 ValueName => EnableFileTracing |
SUCCESS | 0x00000000 | |
| 09:17:17,821 | 1200 | RegQueryValueExA |
Handle => 0x00000420 Data => 4294901760 ValueName => FileTracingMask |
SUCCESS | 0x00000000 | |
| 09:17:17,821 | 1200 | RegQueryValueExA |
Handle => 0x00000420 Data => 0 ValueName => EnableConsoleTracing |
SUCCESS | 0x00000000 | |
| 09:17:17,821 | 1200 | RegQueryValueExA |
Handle => 0x00000420 Data => 4294901760 ValueName => ConsoleTracingMask |
SUCCESS | 0x00000000 | |
| 09:17:17,821 | 1200 | RegQueryValueExA |
Handle => 0x00000420 Data => 1048576 ValueName => MaxFileSize |
SUCCESS | 0x00000000 | |
| 09:17:17,821 | 1200 | RegQueryValueExA |
Handle => 0x00000420 Data => %windir%\tracing\x00 ValueName => FileDirectory |
SUCCESS | 0x00000000 | |
| 09:17:17,821 | 1200 | RegQueryValueExA |
Handle => 0x00000420 Data => 0 ValueName => EnableFileTracing |
SUCCESS | 0x00000000 | |
| 09:17:17,821 | 1200 | RegQueryValueExA |
Handle => 0x00000420 Data => 4294901760 ValueName => FileTracingMask |
SUCCESS | 0x00000000 | |
| 09:17:17,821 | 1200 | RegQueryValueExA |
Handle => 0x00000420 Data => 0 ValueName => EnableConsoleTracing |
SUCCESS | 0x00000000 | |
| 09:17:17,821 | 1200 | RegQueryValueExA |
Handle => 0x00000420 Data => 4294901760 ValueName => ConsoleTracingMask |
SUCCESS | 0x00000000 | |
| 09:17:17,821 | 1200 | RegQueryValueExA |
Handle => 0x00000420 Data => 1048576 ValueName => MaxFileSize |
SUCCESS | 0x00000000 | |
| 09:17:17,821 | 1200 | RegQueryValueExA |
Handle => 0x00000420 Data => %windir%\tracing\x00 ValueName => FileDirectory |
SUCCESS | 0x00000000 | |
| 09:17:17,841 | 1200 | OpenSCManagerW |
MachineName => DatabaseName => DesiredAccess => 2147483648 |
SUCCESS | 0x0025f410 | |
| 09:17:17,841 | 1200 | OpenServiceW |
ServiceControlManager => 0x0025f410 ServiceName => RASMAN DesiredAccess => 4 |
SUCCESS | 0x0025f398 | |
| 09:17:17,841 | 1200 | RegQueryValueExA |
Handle => 0x0000034c DataLength => 4 ValueName => EnableAutodial Type => 844 |
FAILURE | 0x00000002 | |
| 09:17:17,861 | 1200 | OpenSCManagerA |
MachineName => DatabaseName => DesiredAccess => 2147483648 |
SUCCESS | 0x0025f410 | |
| 09:17:17,901 | 1200 | LdrLoadDll |
Flags => 36240880 BaseAddress => 0x722b0000 FileName => sensapi.dll |
SUCCESS | 0x00000000 | |
| 09:17:17,901 | 1200 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => IsNetworkAlive FunctionAddress => 0x722b1260 ModuleHandle => 0x722b0000 |
SUCCESS | 0x00000000 | |
| 09:17:17,901 | 1200 | NtOpenSection |
DesiredAccess => 0x00000004 ObjectAttributes => C:\SENS Information Cache SectionHandle => 0x0000042c |
SUCCESS | 0x00000000 | |
| 09:17:17,901 | 1200 | ZwMapViewOfSection |
SectionOffset => 0x0228fdc8 SectionHandle => 0x0000042c ProcessHandle => 0xffffffff BaseAddress => 0x02610000 |
SUCCESS | 0x00000000 | |
| 09:17:17,921 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => PIPE\lsarpc DesiredAccess => 0xc0100080 CreateDisposition => 1 FileHandle => 0x00000434 |
SUCCESS | 0x00000000 | |
| 09:17:17,921 | 1200 | NtSetInformationFile |
FileHandle => 0x00000434 FileInformation => |
SUCCESS | 0x00000000 | 1 time |
| 09:17:17,921 | 1200 | NtWriteFile |
Buffer => \x05\x00\x0b\x03\x10\x00\x00\x00H\x00\x00\x00\x01\x00\x00\x00\xb8\x10\xb8\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x01\x00xW4\x124\x12\xcd\xab\xef\x00\x01#Eg\x89\xab\x00\x00\x00\x00\x04]\x88\x8a\xeb\x1c\xc9\x11\x9f\xe8\x08\x00+\x10H`\x02\x00\x00\x00 FileHandle => 0x00000434 |
SUCCESS | 0x00000000 | |
| 09:17:17,921 | 1200 | NtReadFile |
Buffer => \x05\x00\x0c\x03\x10\x00\x00\x00D\x00\x00\x00\x01\x00\x00\x00\xb8\x10\xb8\x10\xa7E\x00\x00\x0c\x00\PIPE\lsass\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x04]\x88\x8a\xeb\x1c\xc9\x11\x9f\xe8\x08\x00+\x10H`\x02\x00\x00\x00 FileHandle => 0x00000434 |
SUCCESS | 0x00000000 | |
| 09:17:17,921 | 1584 | NtOpenKey |
DesiredAccess => 65547 KeyHandle => 0x00000438 ObjectAttributes => Software\Adobe\Adobe Synchronizer\11.0 |
SUCCESS | 0x00000000 | |
| 09:17:17,931 | 1584 | FindFirstFileExW |
FileName => C:\DOCUME~1 |
SUCCESS | 0x002434b8 | |
| 09:17:17,931 | 1584 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW |
SUCCESS | 0x002434b8 | |
| 09:17:17,931 | 1584 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1 |
SUCCESS | 0x002434b8 | |
| 09:17:17,931 | 1584 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp |
SUCCESS | 0x002434b8 | |
| 09:17:17,931 | 1584 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Local Settings\Temp\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x00000430 |
SUCCESS | 0x00000000 | |
| 09:17:17,931 | 1584 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000438 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:17,931 | 1584 | FindFirstFileExW |
FileName => C:\DOCUME~1 |
SUCCESS | 0x002434b8 | |
| 09:17:17,931 | 1584 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW |
SUCCESS | 0x002434b8 | |
| 09:17:17,931 | 1584 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1 |
SUCCESS | 0x002434b8 | |
| 09:17:17,931 | 1584 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp |
SUCCESS | 0x002434b8 | |
| 09:17:17,931 | 1584 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Local Settings\Temp\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x00000430 |
SUCCESS | 0x00000000 | |
| 09:17:17,931 | 1584 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000438 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:17,931 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000350 FileInformation => \x00\xc0\x03\x00\x00\x00\x00\x00\x00\xc0\x03\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 09:17:17,931 | 1200 | RegOpenKeyExA |
Handle => 0x00000430 Registry => 0x80000002 SubKey => SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings |
SUCCESS | 0x00000000 | |
| 09:17:17,931 | 1200 | RegQueryValueExA |
Handle => 0x00000430 DataLength => 4 ValueName => ProxySettingsPerUser Type => 1072 |
FAILURE | 0x00000002 | |
| 09:17:17,931 | 1200 | RegCloseKey |
Handle => 0x00000430 |
SUCCESS | 0x00000000 | |
| 09:17:17,931 | 1200 | LdrLoadDll |
Flags => 36239324 BaseAddress => 0x7c900000 FileName => ntdll.dll |
SUCCESS | 0x00000000 | |
| 09:17:17,931 | 1200 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => RtlConvertSidToUnicodeString FunctionAddress => 0x7c914c35 ModuleHandle => 0x7c900000 |
SUCCESS | 0x00000000 | |
| 09:17:17,941 | 1200 | RegOpenKeyExW |
Handle => 0x00000430 Registry => 0x80000003 SubKey => S-1-5-21-1935655697-1606980848-1060284298-1003 |
SUCCESS | 0x00000000 | |
| 09:17:17,941 | 1200 | RegOpenKeyExA |
Handle => 0x00000438 Registry => 0x00000430 SubKey => Software\Microsoft\windows\CurrentVersion\Internet Settings |
SUCCESS | 0x00000000 | |
| 09:17:17,941 | 1200 | RegQueryValueExA |
Handle => 0x00000438 Data => 1 ValueName => MigrateProxy |
SUCCESS | 0x00000000 | |
| 09:17:17,941 | 1200 | RegCloseKey |
Handle => 0x00000438 |
SUCCESS | 0x00000000 | |
| 09:17:17,941 | 1200 | LdrLoadDll |
Flags => 36239248 BaseAddress => 0x7c9c0000 FileName => SHELL32.dll |
SUCCESS | 0x00000000 | |
| 09:17:17,941 | 1200 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => SHGetFolderPathW FunctionAddress => 0x7c9eed76 ModuleHandle => 0x7c9c0000 |
SUCCESS | 0x00000000 | |
| 09:17:17,941 | 1200 | RegCreateKeyExW |
Handle => 0x0000043c Access => 33554432 Registry => 0x80000002 Class => SubKey => Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders |
SUCCESS | 0x00000000 | |
| 09:17:17,941 | 1200 | RegQueryValueExW |
Handle => 0x0000043c Data => %\x00A\x00L\x00L\x00U\x00S\x00E\x00R\x00S\x00P\x00R\x00O\x00F\x00I\x00L\x00E\x00%\x00\\x00A\x00p\x00p\x00l\x00i\x00c\x00a\x00t\x00i\x00o\x00n\x00 \x00D\x00a\x00t\x00a\x00\x00\x00 ValueName => Common AppData |
SUCCESS | 0x00000000 | |
| 09:17:17,941 | 1200 | LdrLoadDll |
Flags => 36237916 BaseAddress => 0x769c0000 FileName => USERENV.dll |
SUCCESS | 0x00000000 | |
| 09:17:17,941 | 1200 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => ExpandEnvironmentStringsForUserW FunctionAddress => 0x769c7733 ModuleHandle => 0x769c0000 |
SUCCESS | 0x00000000 | |
| 09:17:17,941 | 1200 | RegOpenKeyExW |
Handle => 0x00000440 Registry => 0x80000002 SubKey => Software\Microsoft\Windows NT\CurrentVersion\ProfileList |
SUCCESS | 0x00000000 | |
| 09:17:17,941 | 1200 | RegQueryValueExW |
Handle => 0x00000440 Data => %\x00S\x00y\x00s\x00t\x00e\x00m\x00D\x00r\x00i\x00v\x00e\x00%\x00\\x00D\x00o\x00c\x00u\x00m\x00e\x00n\x00t\x00s\x00 \x00a\x00n\x00d\x00 \x00S\x00e\x00t\x00t\x00i\x00n\x00g\x00s\x00\x00\x00 ValueName => ProfilesDirectory |
SUCCESS | 0x00000000 | |
| 09:17:17,941 | 1200 | RegCloseKey |
Handle => 0x00000440 |
SUCCESS | 0x00000000 | |
| 09:17:17,941 | 1200 | RegOpenKeyExW |
Handle => 0x00000440 Registry => 0x80000002 SubKey => Software\Microsoft\Windows NT\CurrentVersion\ProfileList |
SUCCESS | 0x00000000 | |
| 09:17:17,941 | 1200 | RegQueryValueExW |
Handle => 0x00000440 Data => A\x00l\x00l\x00 \x00U\x00s\x00e\x00r\x00s\x00\x00\x00 ValueName => AllUsersProfile |
SUCCESS | 0x00000000 | |
| 09:17:17,941 | 1200 | RegCloseKey |
Handle => 0x00000440 |
SUCCESS | 0x00000000 | |
| 09:17:17,941 | 1200 | RegOpenKeyExW |
Handle => 0x00000440 Registry => 0x80000002 SubKey => System\CurrentControlSet\Control\Session Manager\Environment |
SUCCESS | 0x00000000 | |
| 09:17:17,941 | 1200 | RegQueryInfoKeyW |
MaxClassLength => 0 MaxValueLength => 124 MaxValueNameLength => 22 ValueCount => 13 MaxSubKeyLength => 0 KeyHandle => 0x00000440 SubKeyCount => 0 Class => |
SUCCESS | 0x00000000 | |
| 09:17:17,941 | 1200 | RegEnumValueW |
Index => 0 Handle => 0x00000440 Data => %\x00S\x00y\x00s\x00t\x00e\x00m\x00R\x00o\x00o\x00t\x00%\x00\\x00s\x00y\x00s\x00t\x00e\x00m\x003\x002\x00\\x00c\x00m\x00d\x00.\x00e\x00x\x00e\x00\x00\x00 ValueName => ComSpec |
SUCCESS | 0x00000000 | |
| 09:17:17,941 | 1200 | RegEnumValueW |
Index => 1 Handle => 0x00000440 Data => %\x00S\x00y\x00s\x00t\x00e\x00m\x00R\x00o\x00o\x00t\x00%\x00\\x00s\x00y\x00s\x00t\x00e\x00m\x003\x002\x00;\x00%\x00S\x00y\x00s\x00t\x00e\x00m\x00R\x00o\x00o\x00t\x00%\x00;\x00%\x00S\x00y\x00s\x00t\x00e\x00m\x00R\x00o\x00o\x00t\x00%\x00\\x00S\x00y\x00s\x00t\x00e\x00m\x003\x002\x00\\x00W\x00b\x00e\x00m\x00\x00\x00 ValueName => Path |
SUCCESS | 0x00000000 | |
| 09:17:17,941 | 1200 | RegEnumValueW |
Index => 2 Handle => 0x00000440 Data => %\x00S\x00y\x00s\x00t\x00e\x00m\x00R\x00o\x00o\x00t\x00%\x00\x00\x00 ValueName => windir |
SUCCESS | 0x00000000 | |
| 09:17:17,941 | 1200 | RegEnumValueW |
Index => 3 Handle => 0x00000440 Data => N\x00O\x00\x00\x00 ValueName => FP_NO_HOST_CHECK |
SUCCESS | 0x00000000 | |
| 09:17:17,941 | 1200 | RegEnumValueW |
Index => 4 Handle => 0x00000440 Data => W\x00i\x00n\x00d\x00o\x00w\x00s\x00_\x00N\x00T\x00\x00\x00 ValueName => OS |
SUCCESS | 0x00000000 | |
| 09:17:17,941 | 1200 | RegEnumValueW |
Index => 5 Handle => 0x00000440 Data => x\x008\x006\x00\x00\x00 ValueName => PROCESSOR_ARCHITECTURE |
SUCCESS | 0x00000000 | |
| 09:17:17,941 | 1200 | RegEnumValueW |
Index => 6 Handle => 0x00000440 Data => 1\x005\x00\x00\x00 ValueName => PROCESSOR_LEVEL |
SUCCESS | 0x00000000 | |
| 09:17:17,941 | 1200 | RegEnumValueW |
Index => 7 Handle => 0x00000440 Data => x\x008\x006\x00 \x00F\x00a\x00m\x00i\x00l\x00y\x00 \x001\x005\x00 \x00M\x00o\x00d\x00e\x00l\x00 \x001\x000\x007\x00 \x00S\x00t\x00e\x00p\x00p\x00i\x00n\x00g\x00 \x001\x00,\x00 \x00A\x00u\x00t\x00h\x00e\x00n\x00t\x00i\x00c\x00A\x00M\x00D\x00\x00\x00 ValueName => PROCESSOR_IDENTIFIER |
SUCCESS | 0x00000000 | |
| 09:17:17,941 | 1200 | RegEnumValueW |
Index => 8 Handle => 0x00000440 Data => 6\x00b\x000\x001\x00\x00\x00 ValueName => PROCESSOR_REVISION |
SUCCESS | 0x00000000 | |
| 09:17:17,941 | 1200 | RegEnumValueW |
Index => 9 Handle => 0x00000440 Data => 1\x00\x00\x00 ValueName => NUMBER_OF_PROCESSORS |
SUCCESS | 0x00000000 | |
| 09:17:17,941 | 1200 | RegEnumValueW |
Index => 10 Handle => 0x00000440 Data => .\x00C\x00O\x00M\x00;\x00.\x00E\x00X\x00E\x00;\x00.\x00B\x00A\x00T\x00;\x00.\x00C\x00M\x00D\x00;\x00.\x00V\x00B\x00S\x00;\x00.\x00V\x00B\x00E\x00;\x00.\x00J\x00S\x00;\x00.\x00J\x00S\x00E\x00;\x00.\x00W\x00S\x00F\x00;\x00.\x00W\x00S\x00H\x00\x00\x00 ValueName => PATHEXT |
SUCCESS | 0x00000000 | |
| 09:17:17,941 | 1200 | RegEnumValueW |
Index => 11 Handle => 0x00000440 Data => %\x00S\x00y\x00s\x00t\x00e\x00m\x00R\x00o\x00o\x00t\x00%\x00\\x00T\x00E\x00M\x00P\x00\x00\x00 ValueName => TEMP |
SUCCESS | 0x00000000 | |
| 09:17:17,941 | 1200 | RegEnumValueW |
Index => 12 Handle => 0x00000440 Data => %\x00S\x00y\x00s\x00t\x00e\x00m\x00R\x00o\x00o\x00t\x00%\x00\\x00T\x00E\x00M\x00P\x00\x00\x00 ValueName => TMP |
SUCCESS | 0x00000000 | |
| 09:17:17,941 | 1200 | RegEnumValueW |
Index => 0 Handle => 0x00000440 Data => %\x00S\x00y\x00s\x00t\x00e\x00m\x00R\x00o\x00o\x00t\x00%\x00\\x00s\x00y\x00s\x00t\x00e\x00m\x003\x002\x00\\x00c\x00m\x00d\x00.\x00e\x00x\x00e\x00\x00\x00 ValueName => ComSpec |
SUCCESS | 0x00000000 | |
| 09:17:17,941 | 1200 | RegEnumValueW |
Index => 1 Handle => 0x00000440 Data => %\x00S\x00y\x00s\x00t\x00e\x00m\x00R\x00o\x00o\x00t\x00%\x00\\x00s\x00y\x00s\x00t\x00e\x00m\x003\x002\x00;\x00%\x00S\x00y\x00s\x00t\x00e\x00m\x00R\x00o\x00o\x00t\x00%\x00;\x00%\x00S\x00y\x00s\x00t\x00e\x00m\x00R\x00o\x00o\x00t\x00%\x00\\x00S\x00y\x00s\x00t\x00e\x00m\x003\x002\x00\\x00W\x00b\x00e\x00m\x00\x00\x00 ValueName => Path |
SUCCESS | 0x00000000 | |
| 09:17:17,941 | 1200 | RegEnumValueW |
Index => 2 Handle => 0x00000440 Data => %\x00S\x00y\x00s\x00t\x00e\x00m\x00R\x00o\x00o\x00t\x00%\x00\x00\x00 ValueName => windir |
SUCCESS | 0x00000000 | |
| 09:17:17,941 | 1200 | RegEnumValueW |
Index => 3 Handle => 0x00000440 Data => N\x00O\x00\x00\x00 ValueName => FP_NO_HOST_CHECK |
SUCCESS | 0x00000000 | |
| 09:17:17,941 | 1200 | RegEnumValueW |
Index => 4 Handle => 0x00000440 Data => W\x00i\x00n\x00d\x00o\x00w\x00s\x00_\x00N\x00T\x00\x00\x00 ValueName => OS |
SUCCESS | 0x00000000 | |
| 09:17:17,941 | 1200 | RegEnumValueW |
Index => 5 Handle => 0x00000440 Data => x\x008\x006\x00\x00\x00 ValueName => PROCESSOR_ARCHITECTURE |
SUCCESS | 0x00000000 | |
| 09:17:17,941 | 1200 | RegEnumValueW |
Index => 6 Handle => 0x00000440 Data => 1\x005\x00\x00\x00 ValueName => PROCESSOR_LEVEL |
SUCCESS | 0x00000000 | |
| 09:17:17,941 | 1200 | RegEnumValueW |
Index => 7 Handle => 0x00000440 Data => x\x008\x006\x00 \x00F\x00a\x00m\x00i\x00l\x00y\x00 \x001\x005\x00 \x00M\x00o\x00d\x00e\x00l\x00 \x001\x000\x007\x00 \x00S\x00t\x00e\x00p\x00p\x00i\x00n\x00g\x00 \x001\x00,\x00 \x00A\x00u\x00t\x00h\x00e\x00n\x00t\x00i\x00c\x00A\x00M\x00D\x00\x00\x00 ValueName => PROCESSOR_IDENTIFIER |
SUCCESS | 0x00000000 | |
| 09:17:17,941 | 1200 | RegEnumValueW |
Index => 8 Handle => 0x00000440 Data => 6\x00b\x000\x001\x00\x00\x00 ValueName => PROCESSOR_REVISION |
SUCCESS | 0x00000000 | |
| 09:17:17,941 | 1200 | RegEnumValueW |
Index => 9 Handle => 0x00000440 Data => 1\x00\x00\x00 ValueName => NUMBER_OF_PROCESSORS |
SUCCESS | 0x00000000 | |
| 09:17:17,941 | 1200 | RegEnumValueW |
Index => 10 Handle => 0x00000440 Data => .\x00C\x00O\x00M\x00;\x00.\x00E\x00X\x00E\x00;\x00.\x00B\x00A\x00T\x00;\x00.\x00C\x00M\x00D\x00;\x00.\x00V\x00B\x00S\x00;\x00.\x00V\x00B\x00E\x00;\x00.\x00J\x00S\x00;\x00.\x00J\x00S\x00E\x00;\x00.\x00W\x00S\x00F\x00;\x00.\x00W\x00S\x00H\x00\x00\x00 ValueName => PATHEXT |
SUCCESS | 0x00000000 | |
| 09:17:17,941 | 1200 | RegEnumValueW |
Index => 11 Handle => 0x00000440 Data => %\x00S\x00y\x00s\x00t\x00e\x00m\x00R\x00o\x00o\x00t\x00%\x00\\x00T\x00E\x00M\x00P\x00\x00\x00 ValueName => TEMP |
SUCCESS | 0x00000000 | |
| 09:17:17,941 | 1200 | RegEnumValueW |
Index => 12 Handle => 0x00000440 Data => %\x00S\x00y\x00s\x00t\x00e\x00m\x00R\x00o\x00o\x00t\x00%\x00\\x00T\x00E\x00M\x00P\x00\x00\x00 ValueName => TMP |
SUCCESS | 0x00000000 | |
| 09:17:17,941 | 1200 | RegCloseKey |
Handle => 0x00000440 |
SUCCESS | 0x00000000 | |
| 09:17:17,941 | 1200 | NtOpenKey |
DesiredAccess => 131097 KeyHandle => 0x00000440 ObjectAttributes => \Registry\Machine\System\CurrentControlSet\Control\ComputerName |
SUCCESS | 0x00000000 | |
| 09:17:17,941 | 1200 | NtOpenKey |
DesiredAccess => 131097 KeyHandle => 0x00000444 ObjectAttributes => ActiveComputerName |
SUCCESS | 0x00000000 | |
| 09:17:17,941 | 1200 | NtQueryValueKey |
Information => T\x00U\x00R\x00B\x00O\x00P\x00C\x00\x00\x00 KeyHandle => 0x00000444 ValueName => ComputerName Type => 1 |
SUCCESS | 0x00000000 | |
| 09:17:17,941 | 1200 | RegOpenKeyExW |
Handle => 0x00000440 Registry => 0x80000002 SubKey => Software\Microsoft\Windows NT\CurrentVersion\ProfileList |
SUCCESS | 0x00000000 | |
| 09:17:17,941 | 1200 | RegQueryValueExW |
Handle => 0x00000440 Data => %\x00S\x00y\x00s\x00t\x00e\x00m\x00D\x00r\x00i\x00v\x00e\x00%\x00\\x00D\x00o\x00c\x00u\x00m\x00e\x00n\x00t\x00s\x00 \x00a\x00n\x00d\x00 \x00S\x00e\x00t\x00t\x00i\x00n\x00g\x00s\x00\x00\x00 ValueName => ProfilesDirectory |
SUCCESS | 0x00000000 | |
| 09:17:17,941 | 1200 | RegCloseKey |
Handle => 0x00000440 |
SUCCESS | 0x00000000 | |
| 09:17:17,941 | 1200 | RegOpenKeyExW |
Handle => 0x00000440 Registry => 0x80000002 SubKey => Software\Microsoft\Windows NT\CurrentVersion\ProfileList |
SUCCESS | 0x00000000 | |
| 09:17:17,941 | 1200 | RegQueryValueExW |
Handle => 0x00000440 Data => D\x00e\x00f\x00a\x00u\x00l\x00t\x00 \x00U\x00s\x00e\x00r\x00\x00\x00 ValueName => DefaultUserProfile |
SUCCESS | 0x00000000 | |
| 09:17:17,941 | 1200 | RegCloseKey |
Handle => 0x00000440 |
SUCCESS | 0x00000000 | |
| 09:17:17,941 | 1200 | RegOpenKeyExW |
Handle => 0x00000440 Registry => 0x80000002 SubKey => Software\Microsoft\Windows\CurrentVersion |
SUCCESS | 0x00000000 | |
| 09:17:17,941 | 1200 | RegQueryValueExW |
Handle => 0x00000440 Data => C\x00:\x00\\x00P\x00r\x00o\x00g\x00r\x00a\x00m\x00 \x00F\x00i\x00l\x00e\x00s\x00\x00\x00 ValueName => ProgramFilesDir |
SUCCESS | 0x00000000 | |
| 09:17:17,941 | 1200 | RegQueryValueExW |
Handle => 0x00000440 Data => C\x00:\x00\\x00P\x00r\x00o\x00g\x00r\x00a\x00m\x00 \x00F\x00i\x00l\x00e\x00s\x00\\x00C\x00o\x00m\x00m\x00o\x00n\x00 \x00F\x00i\x00l\x00e\x00s\x00\x00\x00 ValueName => CommonFilesDir |
SUCCESS | 0x00000000 | |
| 09:17:17,941 | 1200 | RegCloseKey |
Handle => 0x00000440 |
SUCCESS | 0x00000000 | |
| 09:17:17,941 | 1200 | RegOpenKeyExW |
Handle => 0x00000440 Registry => 0x80000003 SubKey => S-1-5-21-1935655697-1606980848-1060284298-1003 |
SUCCESS | 0x00000000 | |
| 09:17:17,941 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => PIPE\lsarpc DesiredAccess => 0xc0100080 CreateDisposition => 1 FileHandle => 0x00000448 |
SUCCESS | 0x00000000 | |
| 09:17:17,941 | 1200 | NtSetInformationFile |
FileHandle => 0x00000448 FileInformation => |
SUCCESS | 0x00000000 | 1 time |
| 09:17:17,941 | 1200 | NtWriteFile |
Buffer => \x05\x00\x0b\x03\x10\x00\x00\x00H\x00\x00\x00\x01\x00\x00\x00\xb8\x10\xb8\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x01\x00xW4\x124\x12\xcd\xab\xef\x00\x01#Eg\x89\xab\x00\x00\x00\x00\x04]\x88\x8a\xeb\x1c\xc9\x11\x9f\xe8\x08\x00+\x10H`\x02\x00\x00\x00 FileHandle => 0x00000448 |
SUCCESS | 0x00000000 | |
| 09:17:17,941 | 1200 | NtReadFile |
Buffer => \x05\x00\x0c\x03\x10\x00\x00\x00D\x00\x00\x00\x01\x00\x00\x00\xb8\x10\xb8\x10\xa8E\x00\x00\x0c\x00\PIPE\lsass\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x04]\x88\x8a\xeb\x1c\xc9\x11\x9f\xe8\x08\x00+\x10H`\x02\x00\x00\x00 FileHandle => 0x00000448 |
SUCCESS | 0x00000000 | |
| 09:17:17,941 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => PIPE\lsarpc DesiredAccess => 0xc0100080 CreateDisposition => 1 FileHandle => 0x00000444 |
SUCCESS | 0x00000000 | |
| 09:17:17,941 | 1200 | NtSetInformationFile |
FileHandle => 0x00000444 FileInformation => |
SUCCESS | 0x00000000 | 1 time |
| 09:17:17,941 | 1200 | NtWriteFile |
Buffer => \x05\x00\x0b\x03\x10\x00\x00\x00H\x00\x00\x00\x01\x00\x00\x00\xb8\x10\xb8\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x01\x00xW4\x124\x12\xcd\xab\xef\x00\x01#Eg\x89\xab\x00\x00\x00\x00\x04]\x88\x8a\xeb\x1c\xc9\x11\x9f\xe8\x08\x00+\x10H`\x02\x00\x00\x00 FileHandle => 0x00000444 |
SUCCESS | 0x00000000 | |
| 09:17:17,941 | 1200 | NtReadFile |
Buffer => \x05\x00\x0c\x03\x10\x00\x00\x00D\x00\x00\x00\x01\x00\x00\x00\xb8\x10\xb8\x10\xa9E\x00\x00\x0c\x00\PIPE\lsass\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x04]\x88\x8a\xeb\x1c\xc9\x11\x9f\xe8\x08\x00+\x10H`\x02\x00\x00\x00 FileHandle => 0x00000444 |
SUCCESS | 0x00000000 | |
| 09:17:17,941 | 1200 | RegOpenKeyExW |
Handle => 0x00000444 Registry => 0x80000002 SubKey => Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1935655697-1606980848-1060284298-1003 |
SUCCESS | 0x00000000 | |
| 09:17:17,941 | 1200 | RegQueryValueExW |
Handle => 0x00000444 Data => %\x00S\x00y\x00s\x00t\x00e\x00m\x00D\x00r\x00i\x00v\x00e\x00%\x00\\x00D\x00o\x00c\x00u\x00m\x00e\x00n\x00t\x00s\x00 \x00a\x00n\x00d\x00 \x00S\x00e\x00t\x00t\x00i\x00n\x00g\x00s\x00\\x00T\x00D\x00W\x00\x00\x00 ValueName => ProfileImagePath |
SUCCESS | 0x00000000 | |
| 09:17:17,941 | 1200 | RegCloseKey |
Handle => 0x00000444 |
SUCCESS | 0x00000000 | |
| 09:17:17,941 | 1200 | RegCreateKeyExW |
Handle => 0x00000444 Access => 131103 Registry => 0x00000440 Class => SubKey => Software\Microsoft\Windows NT\CurrentVersion\Winlogon |
SUCCESS | 0x00000000 | |
| 09:17:17,941 | 1200 | RegQueryValueExW |
Handle => 0x00000444 Data => 1\x00\x00\x00 ValueName => ParseAutoexec |
SUCCESS | 0x00000000 | |
| 09:17:17,941 | 1200 | RegCloseKey |
Handle => 0x00000444 |
SUCCESS | 0x00000000 | |
| 09:17:17,941 | 1200 | NtCreateFile |
ShareAccess => 1 FileName => c:\autoexec.bat DesiredAccess => 0x80100080 CreateDisposition => 1 FileHandle => 0x00000444 |
SUCCESS | 0x00000000 | |
| 09:17:17,941 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000444 FileInformation => \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 09:17:17,941 | 1200 | NtReadFile |
Buffer => FileHandle => 0x00000444 |
SUCCESS | 0x00000000 | |
| 09:17:17,971 | 1584 | FindFirstFileExW |
FileName => C:\DOCUME~1 |
SUCCESS | 0x002434b8 | |
| 09:17:17,971 | 1584 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW |
SUCCESS | 0x002434b8 | |
| 09:17:17,971 | 1584 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1 |
SUCCESS | 0x002434b8 | |
| 09:17:17,971 | 1584 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp |
SUCCESS | 0x002434b8 | |
| 09:17:17,971 | 1584 | NtCreateFile |
ShareAccess => 1 FileName => C:\Documents and Settings\TDW\Local Settings\Temp\sep14cfs-c1.pdf DesiredAccess => 0x00120089 CreateDisposition => 1 FileHandle => 0x00000448 |
SUCCESS | 0x00000000 | |
| 09:17:17,971 | 1584 | NtOpenDirectoryObject |
DirectoryHandle => 0x0000044c DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:17,971 | 1584 | NtQueryInformationFile |
FileHandle => 0x00000448 FileInformation => W\x08i2\xaf\x91\xcf\x01\x17%o2\xaf\x91\xcf\x01\x17%o2\xaf\x91\xcf\x01\x17%o2\xaf\x91\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00`\x06\x00\x00\x00\x00\x00\xb6Y\x06\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\xfcK\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x89\x00\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00~\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:17,971 | 1200 | RegOpenKeyExW |
Handle => 0x00000444 Registry => 0x00000440 SubKey => Environment |
SUCCESS | 0x00000000 | |
| 09:17:17,971 | 1200 | RegEnumValueW |
Index => 0 Handle => 0x00000444 Data => %\x00U\x00S\x00E\x00R\x00P\x00R\x00O\x00F\x00I\x00L\x00E\x00%\x00\\x00L\x00o\x00c\x00a\x00l\x00 \x00S\x00e\x00t\x00t\x00i\x00n\x00g\x00s\x00\\x00T\x00e\x00m\x00p\x00\x00\x00 ValueName => TEMP |
SUCCESS | 0x00000000 | |
| 09:17:17,971 | 1200 | RegEnumValueW |
Index => 1 Handle => 0x00000444 Data => %\x00U\x00S\x00E\x00R\x00P\x00R\x00O\x00F\x00I\x00L\x00E\x00%\x00\\x00L\x00o\x00c\x00a\x00l\x00 \x00S\x00e\x00t\x00t\x00i\x00n\x00g\x00s\x00\\x00T\x00e\x00m\x00p\x00\x00\x00 ValueName => TMP |
SUCCESS | 0x00000000 | |
| 09:17:17,971 | 1200 | RegEnumValueW |
Index => 2 Handle => 0x00000444 DataLength => 4096 ValueName => TMP Type => 36237476 |
FAILURE | 0x00000103 | |
| 09:17:17,971 | 1200 | RegEnumValueW |
Index => 0 Handle => 0x00000444 Data => %\x00U\x00S\x00E\x00R\x00P\x00R\x00O\x00F\x00I\x00L\x00E\x00%\x00\\x00L\x00o\x00c\x00a\x00l\x00 \x00S\x00e\x00t\x00t\x00i\x00n\x00g\x00s\x00\\x00T\x00e\x00m\x00p\x00\x00\x00 ValueName => TEMP |
SUCCESS | 0x00000000 | |
| 09:17:17,971 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings |
SUCCESS | 0x002434b8 | |
| 09:17:17,971 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Local Settings |
SUCCESS | 0x002434b8 | |
| 09:17:17,971 | 1200 | RegEnumValueW |
Index => 1 Handle => 0x00000444 Data => %\x00U\x00S\x00E\x00R\x00P\x00R\x00O\x00F\x00I\x00L\x00E\x00%\x00\\x00L\x00o\x00c\x00a\x00l\x00 \x00S\x00e\x00t\x00t\x00i\x00n\x00g\x00s\x00\\x00T\x00e\x00m\x00p\x00\x00\x00 ValueName => TMP |
SUCCESS | 0x00000000 | |
| 09:17:17,971 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings |
SUCCESS | 0x002434b8 | |
| 09:17:17,971 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Local Settings |
SUCCESS | 0x002434b8 | |
| 09:17:17,971 | 1200 | RegEnumValueW |
Index => 2 Handle => 0x00000444 DataLength => 4096 ValueName => TMP Type => 36237476 |
FAILURE | 0x00000103 | |
| 09:17:17,971 | 1200 | RegCloseKey |
Handle => 0x00000444 |
SUCCESS | 0x00000000 | |
| 09:17:17,971 | 1200 | RegOpenKeyExW |
Handle => 0x00000444 Registry => 0x00000440 SubKey => Volatile Environment |
SUCCESS | 0x00000000 | |
| 09:17:17,971 | 1200 | RegEnumValueW |
Index => 0 Handle => 0x00000444 Data => \\x00\\x00T\x00U\x00R\x00B\x00O\x00P\x00C\x00\x00\x00 ValueName => LOGONSERVER |
SUCCESS | 0x00000000 | |
| 09:17:17,971 | 1200 | RegEnumValueW |
Index => 1 Handle => 0x00000444 Data => C\x00o\x00n\x00s\x00o\x00l\x00e\x00\x00\x00 ValueName => CLIENTNAME |
SUCCESS | 0x00000000 | |
| 09:17:17,971 | 1200 | RegEnumValueW |
Index => 2 Handle => 0x00000444 Data => C\x00o\x00n\x00s\x00o\x00l\x00e\x00\x00\x00 ValueName => SESSIONNAME |
SUCCESS | 0x00000000 | |
| 09:17:17,971 | 1200 | RegEnumValueW |
Index => 3 Handle => 0x00000444 Data => C\x00:\x00\\x00D\x00o\x00c\x00u\x00m\x00e\x00n\x00t\x00s\x00 \x00a\x00n\x00d\x00 \x00S\x00e\x00t\x00t\x00i\x00n\x00g\x00s\x00\\x00T\x00D\x00W\x00\\x00A\x00p\x00p\x00l\x00i\x00c\x00a\x00t\x00i\x00o\x00n\x00 \x00D\x00a\x00t\x00a\x00\x00\x00 ValueName => APPDATA |
SUCCESS | 0x00000000 | |
| 09:17:17,971 | 1200 | RegEnumValueW |
Index => 4 Handle => 0x00000444 Data => C\x00:\x00\x00\x00 ValueName => HOMEDRIVE |
SUCCESS | 0x00000000 | |
| 09:17:17,971 | 1200 | RegEnumValueW |
Index => 5 Handle => 0x00000444 Data => \x00\x00 ValueName => HOMESHARE |
SUCCESS | 0x00000000 | |
| 09:17:17,971 | 1200 | RegEnumValueW |
Index => 6 Handle => 0x00000444 Data => \\x00D\x00o\x00c\x00u\x00m\x00e\x00n\x00t\x00s\x00 \x00a\x00n\x00d\x00 \x00S\x00e\x00t\x00t\x00i\x00n\x00g\x00s\x00\\x00T\x00D\x00W\x00\x00\x00 ValueName => HOMEPATH |
SUCCESS | 0x00000000 | |
| 09:17:17,971 | 1200 | RegEnumValueW |
Index => 7 Handle => 0x00000444 DataLength => 4096 ValueName => HOMEPATH Type => 36237476 |
FAILURE | 0x00000103 | |
| 09:17:17,981 | 1200 | RegEnumValueW |
Index => 0 Handle => 0x00000444 Data => \\x00\\x00T\x00U\x00R\x00B\x00O\x00P\x00C\x00\x00\x00 ValueName => LOGONSERVER |
SUCCESS | 0x00000000 | |
| 09:17:17,981 | 1200 | RegEnumValueW |
Index => 1 Handle => 0x00000444 Data => C\x00o\x00n\x00s\x00o\x00l\x00e\x00\x00\x00 ValueName => CLIENTNAME |
SUCCESS | 0x00000000 | |
| 09:17:17,981 | 1200 | RegEnumValueW |
Index => 2 Handle => 0x00000444 Data => C\x00o\x00n\x00s\x00o\x00l\x00e\x00\x00\x00 ValueName => SESSIONNAME |
SUCCESS | 0x00000000 | |
| 09:17:17,981 | 1200 | RegEnumValueW |
Index => 3 Handle => 0x00000444 Data => C\x00:\x00\\x00D\x00o\x00c\x00u\x00m\x00e\x00n\x00t\x00s\x00 \x00a\x00n\x00d\x00 \x00S\x00e\x00t\x00t\x00i\x00n\x00g\x00s\x00\\x00T\x00D\x00W\x00\\x00A\x00p\x00p\x00l\x00i\x00c\x00a\x00t\x00i\x00o\x00n\x00 \x00D\x00a\x00t\x00a\x00\x00\x00 ValueName => APPDATA |
SUCCESS | 0x00000000 | |
| 09:17:17,981 | 1200 | RegEnumValueW |
Index => 4 Handle => 0x00000444 Data => C\x00:\x00\x00\x00 ValueName => HOMEDRIVE |
SUCCESS | 0x00000000 | |
| 09:17:17,981 | 1200 | RegEnumValueW |
Index => 5 Handle => 0x00000444 Data => \x00\x00 ValueName => HOMESHARE |
SUCCESS | 0x00000000 | |
| 09:17:17,981 | 1200 | RegEnumValueW |
Index => 6 Handle => 0x00000444 Data => \\x00D\x00o\x00c\x00u\x00m\x00e\x00n\x00t\x00s\x00 \x00a\x00n\x00d\x00 \x00S\x00e\x00t\x00t\x00i\x00n\x00g\x00s\x00\\x00T\x00D\x00W\x00\x00\x00 ValueName => HOMEPATH |
SUCCESS | 0x00000000 | |
| 09:17:17,981 | 1200 | RegEnumValueW |
Index => 7 Handle => 0x00000444 DataLength => 4096 ValueName => HOMEPATH Type => 36237476 |
FAILURE | 0x00000103 | |
| 09:17:17,981 | 1200 | RegCloseKey |
Handle => 0x00000444 |
SUCCESS | 0x00000000 | |
| 09:17:17,981 | 1200 | RegCloseKey |
Handle => 0x00000440 |
SUCCESS | 0x00000000 | |
| 09:17:17,981 | 1200 | NtFreeVirtualMemory |
FreeType => 0x00008000 ProcessHandle => 0xffffffff RegionSize => 0x00001000 BaseAddress => 0x02620000 |
SUCCESS | 0x00000000 | |
| 09:17:17,981 | 1200 | RegCloseKey |
Handle => 0x0000043c |
SUCCESS | 0x00000000 | |
| 09:17:17,981 | 1200 | RegCreateKeyExW |
Handle => 0x0000043c Access => 33554432 Registry => 0x80000002 Class => SubKey => Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders |
SUCCESS | 0x00000000 | |
| 09:17:17,981 | 1200 | RegSetValueExW |
Handle => 0x0000043c Buffer => C\x00:\x00\\x00D\x00o\x00c\x00u\x00m\x00e\x00n\x00t\x00s\x00 \x00a\x00n\x00d\x00 \x00S\x00e\x00t\x00t\x00i\x00n\x00g\x00s\x00\\x00A\x00l\x00l\x00 \x00U\x00s\x00e\x00r\x00s\x00\\x00A\x00p\x00p\x00l\x00i\x00c\x00a\x00t\x00i\x00o\x00n\x00 \x00D\x00a\x00t\x00a\x00\x00\x00 ValueName => Common AppData Type => 1 |
SUCCESS | 0x00000000 | |
| 09:17:17,981 | 1200 | RegCloseKey |
Handle => 0x0000043c |
SUCCESS | 0x00000000 | |
| 09:17:17,981 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk\*.pbk |
SUCCESS | 4294967295 | |
| 09:17:17,981 | 1200 | FindFirstFileExW |
FileName => C:\WINDOWS\system32\Ras\*.pbk |
SUCCESS | 4294967295 | |
| 09:17:17,981 | 1200 | RegOpenKeyExW |
Handle => 0x0000043c Registry => 0x80000003 SubKey => S-1-5-21-1935655697-1606980848-1060284298-1003 |
SUCCESS | 0x00000000 | |
| 09:17:17,981 | 1200 | RegCreateKeyExW |
Handle => 0x00000440 Access => 33554432 Registry => 0x0000043c Class => SubKey => Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders |
SUCCESS | 0x00000000 | |
| 09:17:17,981 | 1200 | RegCloseKey |
Handle => 0x0000043c |
SUCCESS | 0x00000000 | |
| 09:17:17,981 | 1200 | RegQueryValueExW |
Handle => 0x00000440 Data => %\x00U\x00S\x00E\x00R\x00P\x00R\x00O\x00F\x00I\x00L\x00E\x00%\x00\\x00A\x00p\x00p\x00l\x00i\x00c\x00a\x00t\x00i\x00o\x00n\x00 \x00D\x00a\x00t\x00a\x00\x00\x00 ValueName => AppData |
SUCCESS | 0x00000000 | |
| 09:17:17,981 | 1200 | RegOpenKeyExW |
Handle => 0x0000043c Registry => 0x80000002 SubKey => Software\Microsoft\Windows NT\CurrentVersion\ProfileList |
SUCCESS | 0x00000000 | |
| 09:17:17,981 | 1200 | RegQueryValueExW |
Handle => 0x0000043c Data => %\x00S\x00y\x00s\x00t\x00e\x00m\x00D\x00r\x00i\x00v\x00e\x00%\x00\\x00D\x00o\x00c\x00u\x00m\x00e\x00n\x00t\x00s\x00 \x00a\x00n\x00d\x00 \x00S\x00e\x00t\x00t\x00i\x00n\x00g\x00s\x00\x00\x00 ValueName => ProfilesDirectory |
SUCCESS | 0x00000000 | |
| 09:17:17,981 | 1200 | RegCloseKey |
Handle => 0x0000043c |
SUCCESS | 0x00000000 | |
| 09:17:17,981 | 1200 | RegOpenKeyExW |
Handle => 0x0000043c Registry => 0x80000002 SubKey => Software\Microsoft\Windows NT\CurrentVersion\ProfileList |
SUCCESS | 0x00000000 | |
| 09:17:17,981 | 1200 | RegQueryValueExW |
Handle => 0x0000043c Data => A\x00l\x00l\x00 \x00U\x00s\x00e\x00r\x00s\x00\x00\x00 ValueName => AllUsersProfile |
SUCCESS | 0x00000000 | |
| 09:17:17,981 | 1200 | RegCloseKey |
Handle => 0x0000043c |
SUCCESS | 0x00000000 | |
| 09:17:17,981 | 1200 | RegOpenKeyExW |
Handle => 0x0000043c Registry => 0x80000002 SubKey => System\CurrentControlSet\Control\Session Manager\Environment |
SUCCESS | 0x00000000 | |
| 09:17:17,981 | 1200 | RegQueryInfoKeyW |
MaxClassLength => 0 MaxValueLength => 124 MaxValueNameLength => 22 ValueCount => 13 MaxSubKeyLength => 0 KeyHandle => 0x0000043c SubKeyCount => 0 Class => |
SUCCESS | 0x00000000 | |
| 09:17:17,981 | 1200 | RegEnumValueW |
Index => 0 Handle => 0x0000043c Data => %\x00S\x00y\x00s\x00t\x00e\x00m\x00R\x00o\x00o\x00t\x00%\x00\\x00s\x00y\x00s\x00t\x00e\x00m\x003\x002\x00\\x00c\x00m\x00d\x00.\x00e\x00x\x00e\x00\x00\x00 ValueName => ComSpec |
SUCCESS | 0x00000000 | |
| 09:17:17,981 | 1200 | RegEnumValueW |
Index => 1 Handle => 0x0000043c Data => %\x00S\x00y\x00s\x00t\x00e\x00m\x00R\x00o\x00o\x00t\x00%\x00\\x00s\x00y\x00s\x00t\x00e\x00m\x003\x002\x00;\x00%\x00S\x00y\x00s\x00t\x00e\x00m\x00R\x00o\x00o\x00t\x00%\x00;\x00%\x00S\x00y\x00s\x00t\x00e\x00m\x00R\x00o\x00o\x00t\x00%\x00\\x00S\x00y\x00s\x00t\x00e\x00m\x003\x002\x00\\x00W\x00b\x00e\x00m\x00\x00\x00 ValueName => Path |
SUCCESS | 0x00000000 | |
| 09:17:17,981 | 1200 | RegEnumValueW |
Index => 2 Handle => 0x0000043c Data => %\x00S\x00y\x00s\x00t\x00e\x00m\x00R\x00o\x00o\x00t\x00%\x00\x00\x00 ValueName => windir |
SUCCESS | 0x00000000 | |
| 09:17:17,981 | 1200 | RegEnumValueW |
Index => 3 Handle => 0x0000043c Data => N\x00O\x00\x00\x00 ValueName => FP_NO_HOST_CHECK |
SUCCESS | 0x00000000 | |
| 09:17:17,981 | 1200 | RegEnumValueW |
Index => 4 Handle => 0x0000043c Data => W\x00i\x00n\x00d\x00o\x00w\x00s\x00_\x00N\x00T\x00\x00\x00 ValueName => OS |
SUCCESS | 0x00000000 | |
| 09:17:17,981 | 1200 | RegEnumValueW |
Index => 5 Handle => 0x0000043c Data => x\x008\x006\x00\x00\x00 ValueName => PROCESSOR_ARCHITECTURE |
SUCCESS | 0x00000000 | |
| 09:17:17,981 | 1200 | RegEnumValueW |
Index => 6 Handle => 0x0000043c Data => 1\x005\x00\x00\x00 ValueName => PROCESSOR_LEVEL |
SUCCESS | 0x00000000 | |
| 09:17:17,981 | 1200 | RegEnumValueW |
Index => 7 Handle => 0x0000043c Data => x\x008\x006\x00 \x00F\x00a\x00m\x00i\x00l\x00y\x00 \x001\x005\x00 \x00M\x00o\x00d\x00e\x00l\x00 \x001\x000\x007\x00 \x00S\x00t\x00e\x00p\x00p\x00i\x00n\x00g\x00 \x001\x00,\x00 \x00A\x00u\x00t\x00h\x00e\x00n\x00t\x00i\x00c\x00A\x00M\x00D\x00\x00\x00 ValueName => PROCESSOR_IDENTIFIER |
SUCCESS | 0x00000000 | |
| 09:17:17,981 | 1200 | RegEnumValueW |
Index => 8 Handle => 0x0000043c Data => 6\x00b\x000\x001\x00\x00\x00 ValueName => PROCESSOR_REVISION |
SUCCESS | 0x00000000 | |
| 09:17:17,981 | 1200 | RegEnumValueW |
Index => 9 Handle => 0x0000043c Data => 1\x00\x00\x00 ValueName => NUMBER_OF_PROCESSORS |
SUCCESS | 0x00000000 | |
| 09:17:17,981 | 1200 | RegEnumValueW |
Index => 10 Handle => 0x0000043c Data => .\x00C\x00O\x00M\x00;\x00.\x00E\x00X\x00E\x00;\x00.\x00B\x00A\x00T\x00;\x00.\x00C\x00M\x00D\x00;\x00.\x00V\x00B\x00S\x00;\x00.\x00V\x00B\x00E\x00;\x00.\x00J\x00S\x00;\x00.\x00J\x00S\x00E\x00;\x00.\x00W\x00S\x00F\x00;\x00.\x00W\x00S\x00H\x00\x00\x00 ValueName => PATHEXT |
SUCCESS | 0x00000000 | |
| 09:17:17,981 | 1200 | RegEnumValueW |
Index => 11 Handle => 0x0000043c Data => %\x00S\x00y\x00s\x00t\x00e\x00m\x00R\x00o\x00o\x00t\x00%\x00\\x00T\x00E\x00M\x00P\x00\x00\x00 ValueName => TEMP |
SUCCESS | 0x00000000 | |
| 09:17:17,981 | 1200 | RegEnumValueW |
Index => 12 Handle => 0x0000043c Data => %\x00S\x00y\x00s\x00t\x00e\x00m\x00R\x00o\x00o\x00t\x00%\x00\\x00T\x00E\x00M\x00P\x00\x00\x00 ValueName => TMP |
SUCCESS | 0x00000000 | |
| 09:17:17,981 | 1200 | RegEnumValueW |
Index => 0 Handle => 0x0000043c Data => %\x00S\x00y\x00s\x00t\x00e\x00m\x00R\x00o\x00o\x00t\x00%\x00\\x00s\x00y\x00s\x00t\x00e\x00m\x003\x002\x00\\x00c\x00m\x00d\x00.\x00e\x00x\x00e\x00\x00\x00 ValueName => ComSpec |
SUCCESS | 0x00000000 | |
| 09:17:18,011 | 1584 | FindFirstFileExW |
FileName => C:\DOCUME~1 |
SUCCESS | 0x002434f0 | |
| 09:17:18,011 | 1584 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW |
SUCCESS | 0x002434f0 | |
| 09:17:18,011 | 1584 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1 |
SUCCESS | 0x002434f0 | |
| 09:17:18,011 | 1584 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp |
SUCCESS | 0x002434f0 | |
| 09:17:18,011 | 1200 | RegEnumValueW |
Index => 1 Handle => 0x0000043c Data => %\x00S\x00y\x00s\x00t\x00e\x00m\x00R\x00o\x00o\x00t\x00%\x00\\x00s\x00y\x00s\x00t\x00e\x00m\x003\x002\x00;\x00%\x00S\x00y\x00s\x00t\x00e\x00m\x00R\x00o\x00o\x00t\x00%\x00;\x00%\x00S\x00y\x00s\x00t\x00e\x00m\x00R\x00o\x00o\x00t\x00%\x00\\x00S\x00y\x00s\x00t\x00e\x00m\x003\x002\x00\\x00W\x00b\x00e\x00m\x00\x00\x00 ValueName => Path |
SUCCESS | 0x00000000 | |
| 09:17:18,011 | 1200 | RegEnumValueW |
Index => 2 Handle => 0x0000043c Data => %\x00S\x00y\x00s\x00t\x00e\x00m\x00R\x00o\x00o\x00t\x00%\x00\x00\x00 ValueName => windir |
SUCCESS | 0x00000000 | |
| 09:17:18,011 | 1200 | RegEnumValueW |
Index => 3 Handle => 0x0000043c Data => N\x00O\x00\x00\x00 ValueName => FP_NO_HOST_CHECK |
SUCCESS | 0x00000000 | |
| 09:17:18,011 | 1200 | RegEnumValueW |
Index => 4 Handle => 0x0000043c Data => W\x00i\x00n\x00d\x00o\x00w\x00s\x00_\x00N\x00T\x00\x00\x00 ValueName => OS |
SUCCESS | 0x00000000 | |
| 09:17:18,011 | 1200 | RegEnumValueW |
Index => 5 Handle => 0x0000043c Data => x\x008\x006\x00\x00\x00 ValueName => PROCESSOR_ARCHITECTURE |
SUCCESS | 0x00000000 | |
| 09:17:18,011 | 1200 | RegEnumValueW |
Index => 6 Handle => 0x0000043c Data => 1\x005\x00\x00\x00 ValueName => PROCESSOR_LEVEL |
SUCCESS | 0x00000000 | |
| 09:17:18,011 | 1200 | RegEnumValueW |
Index => 7 Handle => 0x0000043c Data => x\x008\x006\x00 \x00F\x00a\x00m\x00i\x00l\x00y\x00 \x001\x005\x00 \x00M\x00o\x00d\x00e\x00l\x00 \x001\x000\x007\x00 \x00S\x00t\x00e\x00p\x00p\x00i\x00n\x00g\x00 \x001\x00,\x00 \x00A\x00u\x00t\x00h\x00e\x00n\x00t\x00i\x00c\x00A\x00M\x00D\x00\x00\x00 ValueName => PROCESSOR_IDENTIFIER |
SUCCESS | 0x00000000 | |
| 09:17:18,011 | 1200 | RegEnumValueW |
Index => 8 Handle => 0x0000043c Data => 6\x00b\x000\x001\x00\x00\x00 ValueName => PROCESSOR_REVISION |
SUCCESS | 0x00000000 | |
| 09:17:18,011 | 1200 | RegEnumValueW |
Index => 9 Handle => 0x0000043c Data => 1\x00\x00\x00 ValueName => NUMBER_OF_PROCESSORS |
SUCCESS | 0x00000000 | |
| 09:17:18,011 | 1200 | RegEnumValueW |
Index => 10 Handle => 0x0000043c Data => .\x00C\x00O\x00M\x00;\x00.\x00E\x00X\x00E\x00;\x00.\x00B\x00A\x00T\x00;\x00.\x00C\x00M\x00D\x00;\x00.\x00V\x00B\x00S\x00;\x00.\x00V\x00B\x00E\x00;\x00.\x00J\x00S\x00;\x00.\x00J\x00S\x00E\x00;\x00.\x00W\x00S\x00F\x00;\x00.\x00W\x00S\x00H\x00\x00\x00 ValueName => PATHEXT |
SUCCESS | 0x00000000 | |
| 09:17:18,011 | 1200 | RegEnumValueW |
Index => 11 Handle => 0x0000043c Data => %\x00S\x00y\x00s\x00t\x00e\x00m\x00R\x00o\x00o\x00t\x00%\x00\\x00T\x00E\x00M\x00P\x00\x00\x00 ValueName => TEMP |
SUCCESS | 0x00000000 | |
| 09:17:18,011 | 1200 | RegEnumValueW |
Index => 12 Handle => 0x0000043c Data => %\x00S\x00y\x00s\x00t\x00e\x00m\x00R\x00o\x00o\x00t\x00%\x00\\x00T\x00E\x00M\x00P\x00\x00\x00 ValueName => TMP |
SUCCESS | 0x00000000 | |
| 09:17:18,011 | 1200 | RegCloseKey |
Handle => 0x0000043c |
SUCCESS | 0x00000000 | |
| 09:17:18,011 | 1200 | NtOpenKey |
DesiredAccess => 131097 KeyHandle => 0x0000043c ObjectAttributes => \Registry\Machine\System\CurrentControlSet\Control\ComputerName |
SUCCESS | 0x00000000 | |
| 09:17:18,011 | 1200 | NtOpenKey |
DesiredAccess => 131097 KeyHandle => 0x00000444 ObjectAttributes => ActiveComputerName |
SUCCESS | 0x00000000 | |
| 09:17:18,011 | 1200 | NtQueryValueKey |
Information => T\x00U\x00R\x00B\x00O\x00P\x00C\x00\x00\x00 KeyHandle => 0x00000444 ValueName => ComputerName Type => 1 |
SUCCESS | 0x00000000 | |
| 09:17:18,011 | 1200 | RegOpenKeyExW |
Handle => 0x0000043c Registry => 0x80000002 SubKey => Software\Microsoft\Windows NT\CurrentVersion\ProfileList |
SUCCESS | 0x00000000 | |
| 09:17:18,011 | 1200 | RegQueryValueExW |
Handle => 0x0000043c Data => %\x00S\x00y\x00s\x00t\x00e\x00m\x00D\x00r\x00i\x00v\x00e\x00%\x00\\x00D\x00o\x00c\x00u\x00m\x00e\x00n\x00t\x00s\x00 \x00a\x00n\x00d\x00 \x00S\x00e\x00t\x00t\x00i\x00n\x00g\x00s\x00\x00\x00 ValueName => ProfilesDirectory |
SUCCESS | 0x00000000 | |
| 09:17:18,011 | 1200 | RegCloseKey |
Handle => 0x0000043c |
SUCCESS | 0x00000000 | |
| 09:17:18,011 | 1200 | RegOpenKeyExW |
Handle => 0x0000043c Registry => 0x80000002 SubKey => Software\Microsoft\Windows NT\CurrentVersion\ProfileList |
SUCCESS | 0x00000000 | |
| 09:17:18,011 | 1200 | RegQueryValueExW |
Handle => 0x0000043c Data => D\x00e\x00f\x00a\x00u\x00l\x00t\x00 \x00U\x00s\x00e\x00r\x00\x00\x00 ValueName => DefaultUserProfile |
SUCCESS | 0x00000000 | |
| 09:17:18,011 | 1200 | RegCloseKey |
Handle => 0x0000043c |
SUCCESS | 0x00000000 | |
| 09:17:18,011 | 1200 | RegOpenKeyExW |
Handle => 0x0000043c Registry => 0x80000002 SubKey => Software\Microsoft\Windows\CurrentVersion |
SUCCESS | 0x00000000 | |
| 09:17:18,011 | 1200 | RegQueryValueExW |
Handle => 0x0000043c Data => C\x00:\x00\\x00P\x00r\x00o\x00g\x00r\x00a\x00m\x00 \x00F\x00i\x00l\x00e\x00s\x00\x00\x00 ValueName => ProgramFilesDir |
SUCCESS | 0x00000000 | |
| 09:17:18,011 | 1200 | RegQueryValueExW |
Handle => 0x0000043c Data => C\x00:\x00\\x00P\x00r\x00o\x00g\x00r\x00a\x00m\x00 \x00F\x00i\x00l\x00e\x00s\x00\\x00C\x00o\x00m\x00m\x00o\x00n\x00 \x00F\x00i\x00l\x00e\x00s\x00\x00\x00 ValueName => CommonFilesDir |
SUCCESS | 0x00000000 | |
| 09:17:18,011 | 1200 | RegCloseKey |
Handle => 0x0000043c |
SUCCESS | 0x00000000 | |
| 09:17:18,021 | 1200 | RegOpenKeyExW |
Handle => 0x0000043c Registry => 0x80000003 SubKey => S-1-5-21-1935655697-1606980848-1060284298-1003 |
SUCCESS | 0x00000000 | |
| 09:17:18,021 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => PIPE\lsarpc DesiredAccess => 0xc0100080 CreateDisposition => 1 FileHandle => 0x00000448 |
SUCCESS | 0x00000000 | |
| 09:17:18,021 | 1200 | NtSetInformationFile |
FileHandle => 0x00000448 FileInformation => |
SUCCESS | 0x00000000 | 1 time |
| 09:17:18,021 | 1200 | NtWriteFile |
Buffer => \x05\x00\x0b\x03\x10\x00\x00\x00H\x00\x00\x00\x01\x00\x00\x00\xb8\x10\xb8\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x01\x00xW4\x124\x12\xcd\xab\xef\x00\x01#Eg\x89\xab\x00\x00\x00\x00\x04]\x88\x8a\xeb\x1c\xc9\x11\x9f\xe8\x08\x00+\x10H`\x02\x00\x00\x00 FileHandle => 0x00000448 |
SUCCESS | 0x00000000 | |
| 09:17:18,021 | 1584 | FindFirstFileExW |
FileName => C:\DOCUME~1 |
SUCCESS | 0x002434b8 | |
| 09:17:18,021 | 1584 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW |
SUCCESS | 0x002434b8 | |
| 09:17:18,021 | 1584 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x00000450 |
SUCCESS | 0x00000000 | |
| 09:17:18,021 | 1584 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000454 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:18,021 | 1584 | FindFirstFileExW |
FileName => C:\DOCUME~1 |
SUCCESS | 0x002434b8 | |
| 09:17:18,021 | 1584 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW |
SUCCESS | 0x002434b8 | |
| 09:17:18,021 | 1584 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1 |
SUCCESS | 0x002434b8 | |
| 09:17:18,021 | 1584 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Local Settings\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x00000450 |
SUCCESS | 0x00000000 | |
| 09:17:18,021 | 1584 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000454 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:18,021 | 1584 | FindFirstFileExW |
FileName => C:\DOCUME~1 |
SUCCESS | 0x002434b8 | |
| 09:17:18,021 | 1584 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW |
SUCCESS | 0x002434b8 | |
| 09:17:18,021 | 1584 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1 |
SUCCESS | 0x002434b8 | |
| 09:17:18,021 | 1584 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp |
SUCCESS | 0x002434b8 | |
| 09:17:18,021 | 1584 | FindFirstFileExW |
FileName => C:\DOCUME~1 |
SUCCESS | 0x002434b8 | |
| 09:17:18,021 | 1584 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW |
SUCCESS | 0x002434b8 | |
| 09:17:18,021 | 1584 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x00000450 |
SUCCESS | 0x00000000 | |
| 09:17:18,021 | 1584 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000454 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:18,021 | 1584 | FindFirstFileExW |
FileName => C:\DOCUME~1 |
SUCCESS | 0x002434b8 | |
| 09:17:18,021 | 1584 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW |
SUCCESS | 0x002434b8 | |
| 09:17:18,021 | 1584 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1 |
SUCCESS | 0x002434b8 | |
| 09:17:18,021 | 1584 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Local Settings\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x00000450 |
SUCCESS | 0x00000000 | |
| 09:17:18,021 | 1584 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000454 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:18,021 | 1584 | FindFirstFileExW |
FileName => C:\DOCUME~1 |
SUCCESS | 0x002434b8 | |
| 09:17:18,021 | 1584 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW |
SUCCESS | 0x002434b8 | |
| 09:17:18,021 | 1584 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1 |
SUCCESS | 0x002434b8 | |
| 09:17:18,021 | 1584 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp |
SUCCESS | 0x002434b8 | |
| 09:17:18,021 | 1584 | FindFirstFileExW |
FileName => C:\DOCUME~1 |
SUCCESS | 0x002434b8 | |
| 09:17:18,021 | 1584 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW |
SUCCESS | 0x002434b8 | |
| 09:17:18,021 | 1584 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x00000450 |
SUCCESS | 0x00000000 | |
| 09:17:18,021 | 1584 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000454 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:18,021 | 1584 | FindFirstFileExW |
FileName => C:\DOCUME~1 |
SUCCESS | 0x002434b8 | |
| 09:17:18,021 | 1584 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW |
SUCCESS | 0x002434b8 | |
| 09:17:18,021 | 1584 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1 |
SUCCESS | 0x002434b8 | |
| 09:17:18,021 | 1584 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Local Settings\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x00000450 |
SUCCESS | 0x00000000 | |
| 09:17:18,021 | 1584 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000454 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:18,021 | 1584 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x002434b8 | |
| 09:17:18,021 | 1584 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x002434b8 | |
| 09:17:18,021 | 1584 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x002434b8 | |
| 09:17:18,021 | 1584 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x002434b8 | |
| 09:17:18,021 | 1584 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\Security |
SUCCESS | 0x002434b8 | |
| 09:17:18,031 | 1200 | NtReadFile |
Buffer => \x05\x00\x0c\x03\x10\x00\x00\x00D\x00\x00\x00\x01\x00\x00\x00\xb8\x10\xb8\x10\xaaE\x00\x00\x0c\x00\PIPE\lsass\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x04]\x88\x8a\xeb\x1c\xc9\x11\x9f\xe8\x08\x00+\x10H`\x02\x00\x00\x00 FileHandle => 0x00000448 |
SUCCESS | 0x00000000 | |
| 09:17:18,031 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => PIPE\lsarpc DesiredAccess => 0xc0100080 CreateDisposition => 1 FileHandle => 0x00000444 |
SUCCESS | 0x00000000 | |
| 09:17:18,031 | 1200 | NtSetInformationFile |
FileHandle => 0x00000444 FileInformation => |
SUCCESS | 0x00000000 | 1 time |
| 09:17:18,031 | 1200 | NtWriteFile |
Buffer => \x05\x00\x0b\x03\x10\x00\x00\x00H\x00\x00\x00\x01\x00\x00\x00\xb8\x10\xb8\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x01\x00xW4\x124\x12\xcd\xab\xef\x00\x01#Eg\x89\xab\x00\x00\x00\x00\x04]\x88\x8a\xeb\x1c\xc9\x11\x9f\xe8\x08\x00+\x10H`\x02\x00\x00\x00 FileHandle => 0x00000444 |
SUCCESS | 0x00000000 | |
| 09:17:18,031 | 1584 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x002434b8 | |
| 09:17:18,051 | 1200 | NtReadFile |
Buffer => \x05\x00\x0c\x03\x10\x00\x00\x00D\x00\x00\x00\x01\x00\x00\x00\xb8\x10\xb8\x10\xabE\x00\x00\x0c\x00\PIPE\lsass\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x04]\x88\x8a\xeb\x1c\xc9\x11\x9f\xe8\x08\x00+\x10H`\x02\x00\x00\x00 FileHandle => 0x00000444 |
SUCCESS | 0x00000000 | |
| 09:17:18,051 | 1200 | RegOpenKeyExW |
Handle => 0x00000444 Registry => 0x80000002 SubKey => Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1935655697-1606980848-1060284298-1003 |
SUCCESS | 0x00000000 | |
| 09:17:18,051 | 1200 | RegQueryValueExW |
Handle => 0x00000444 Data => %\x00S\x00y\x00s\x00t\x00e\x00m\x00D\x00r\x00i\x00v\x00e\x00%\x00\\x00D\x00o\x00c\x00u\x00m\x00e\x00n\x00t\x00s\x00 \x00a\x00n\x00d\x00 \x00S\x00e\x00t\x00t\x00i\x00n\x00g\x00s\x00\\x00T\x00D\x00W\x00\x00\x00 ValueName => ProfileImagePath |
SUCCESS | 0x00000000 | |
| 09:17:18,051 | 1200 | RegCloseKey |
Handle => 0x00000444 |
SUCCESS | 0x00000000 | |
| 09:17:18,051 | 1200 | RegCreateKeyExW |
Handle => 0x00000444 Access => 131103 Registry => 0x0000043c Class => SubKey => Software\Microsoft\Windows NT\CurrentVersion\Winlogon |
SUCCESS | 0x00000000 | |
| 09:17:18,051 | 1200 | RegQueryValueExW |
Handle => 0x00000444 Data => 1\x00\x00\x00 ValueName => ParseAutoexec |
SUCCESS | 0x00000000 | |
| 09:17:18,051 | 1200 | RegCloseKey |
Handle => 0x00000444 |
SUCCESS | 0x00000000 | |
| 09:17:18,051 | 1200 | NtCreateFile |
ShareAccess => 1 FileName => c:\autoexec.bat DesiredAccess => 0x80100080 CreateDisposition => 1 FileHandle => 0x00000444 |
SUCCESS | 0x00000000 | |
| 09:17:18,051 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000444 FileInformation => \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 09:17:18,051 | 1200 | NtReadFile |
Buffer => FileHandle => 0x00000444 |
SUCCESS | 0x00000000 | |
| 09:17:18,051 | 1200 | RegOpenKeyExW |
Handle => 0x00000444 Registry => 0x0000043c SubKey => Environment |
SUCCESS | 0x00000000 | |
| 09:17:18,051 | 1200 | RegEnumValueW |
Index => 0 Handle => 0x00000444 Data => %\x00U\x00S\x00E\x00R\x00P\x00R\x00O\x00F\x00I\x00L\x00E\x00%\x00\\x00L\x00o\x00c\x00a\x00l\x00 \x00S\x00e\x00t\x00t\x00i\x00n\x00g\x00s\x00\\x00T\x00e\x00m\x00p\x00\x00\x00 ValueName => TEMP |
SUCCESS | 0x00000000 | |
| 09:17:18,051 | 1200 | RegEnumValueW |
Index => 1 Handle => 0x00000444 Data => %\x00U\x00S\x00E\x00R\x00P\x00R\x00O\x00F\x00I\x00L\x00E\x00%\x00\\x00L\x00o\x00c\x00a\x00l\x00 \x00S\x00e\x00t\x00t\x00i\x00n\x00g\x00s\x00\\x00T\x00e\x00m\x00p\x00\x00\x00 ValueName => TMP |
SUCCESS | 0x00000000 | |
| 09:17:18,051 | 1200 | RegEnumValueW |
Index => 2 Handle => 0x00000444 DataLength => 4096 ValueName => TMP Type => 36237476 |
FAILURE | 0x00000103 | |
| 09:17:18,051 | 1200 | RegEnumValueW |
Index => 0 Handle => 0x00000444 Data => %\x00U\x00S\x00E\x00R\x00P\x00R\x00O\x00F\x00I\x00L\x00E\x00%\x00\\x00L\x00o\x00c\x00a\x00l\x00 \x00S\x00e\x00t\x00t\x00i\x00n\x00g\x00s\x00\\x00T\x00e\x00m\x00p\x00\x00\x00 ValueName => TEMP |
SUCCESS | 0x00000000 | |
| 09:17:18,051 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings |
SUCCESS | 0x002434f0 | |
| 09:17:18,051 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Local Settings |
SUCCESS | 0x002434f0 | |
| 09:17:18,051 | 1200 | RegEnumValueW |
Index => 1 Handle => 0x00000444 Data => %\x00U\x00S\x00E\x00R\x00P\x00R\x00O\x00F\x00I\x00L\x00E\x00%\x00\\x00L\x00o\x00c\x00a\x00l\x00 \x00S\x00e\x00t\x00t\x00i\x00n\x00g\x00s\x00\\x00T\x00e\x00m\x00p\x00\x00\x00 ValueName => TMP |
SUCCESS | 0x00000000 | |
| 09:17:18,051 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings |
SUCCESS | 0x002434f0 | |
| 09:17:18,051 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Local Settings |
SUCCESS | 0x002434f0 | |
| 09:17:18,051 | 1200 | RegEnumValueW |
Index => 2 Handle => 0x00000444 DataLength => 4096 ValueName => TMP Type => 36237476 |
FAILURE | 0x00000103 | |
| 09:17:18,051 | 1200 | RegCloseKey |
Handle => 0x00000444 |
SUCCESS | 0x00000000 | |
| 09:17:18,051 | 1200 | RegOpenKeyExW |
Handle => 0x00000444 Registry => 0x0000043c SubKey => Volatile Environment |
SUCCESS | 0x00000000 | |
| 09:17:18,051 | 1200 | RegEnumValueW |
Index => 0 Handle => 0x00000444 Data => \\x00\\x00T\x00U\x00R\x00B\x00O\x00P\x00C\x00\x00\x00 ValueName => LOGONSERVER |
SUCCESS | 0x00000000 | |
| 09:17:18,051 | 1200 | RegEnumValueW |
Index => 1 Handle => 0x00000444 Data => C\x00o\x00n\x00s\x00o\x00l\x00e\x00\x00\x00 ValueName => CLIENTNAME |
SUCCESS | 0x00000000 | |
| 09:17:18,051 | 1200 | RegEnumValueW |
Index => 2 Handle => 0x00000444 Data => C\x00o\x00n\x00s\x00o\x00l\x00e\x00\x00\x00 ValueName => SESSIONNAME |
SUCCESS | 0x00000000 | |
| 09:17:18,051 | 1200 | RegEnumValueW |
Index => 3 Handle => 0x00000444 Data => C\x00:\x00\\x00D\x00o\x00c\x00u\x00m\x00e\x00n\x00t\x00s\x00 \x00a\x00n\x00d\x00 \x00S\x00e\x00t\x00t\x00i\x00n\x00g\x00s\x00\\x00T\x00D\x00W\x00\\x00A\x00p\x00p\x00l\x00i\x00c\x00a\x00t\x00i\x00o\x00n\x00 \x00D\x00a\x00t\x00a\x00\x00\x00 ValueName => APPDATA |
SUCCESS | 0x00000000 | |
| 09:17:18,061 | 1200 | RegEnumValueW |
Index => 4 Handle => 0x00000444 Data => C\x00:\x00\x00\x00 ValueName => HOMEDRIVE |
SUCCESS | 0x00000000 | |
| 09:17:18,061 | 1200 | RegEnumValueW |
Index => 5 Handle => 0x00000444 Data => \x00\x00 ValueName => HOMESHARE |
SUCCESS | 0x00000000 | |
| 09:17:18,061 | 1200 | RegEnumValueW |
Index => 6 Handle => 0x00000444 Data => \\x00D\x00o\x00c\x00u\x00m\x00e\x00n\x00t\x00s\x00 \x00a\x00n\x00d\x00 \x00S\x00e\x00t\x00t\x00i\x00n\x00g\x00s\x00\\x00T\x00D\x00W\x00\x00\x00 ValueName => HOMEPATH |
SUCCESS | 0x00000000 | |
| 09:17:18,061 | 1200 | RegEnumValueW |
Index => 7 Handle => 0x00000444 DataLength => 4096 ValueName => HOMEPATH Type => 36237476 |
FAILURE | 0x00000103 | |
| 09:17:18,061 | 1200 | RegEnumValueW |
Index => 0 Handle => 0x00000444 Data => \\x00\\x00T\x00U\x00R\x00B\x00O\x00P\x00C\x00\x00\x00 ValueName => LOGONSERVER |
SUCCESS | 0x00000000 | |
| 09:17:18,061 | 1200 | RegEnumValueW |
Index => 1 Handle => 0x00000444 Data => C\x00o\x00n\x00s\x00o\x00l\x00e\x00\x00\x00 ValueName => CLIENTNAME |
SUCCESS | 0x00000000 | |
| 09:17:18,061 | 1200 | RegEnumValueW |
Index => 2 Handle => 0x00000444 Data => C\x00o\x00n\x00s\x00o\x00l\x00e\x00\x00\x00 ValueName => SESSIONNAME |
SUCCESS | 0x00000000 | |
| 09:17:18,061 | 1200 | RegEnumValueW |
Index => 3 Handle => 0x00000444 Data => C\x00:\x00\\x00D\x00o\x00c\x00u\x00m\x00e\x00n\x00t\x00s\x00 \x00a\x00n\x00d\x00 \x00S\x00e\x00t\x00t\x00i\x00n\x00g\x00s\x00\\x00T\x00D\x00W\x00\\x00A\x00p\x00p\x00l\x00i\x00c\x00a\x00t\x00i\x00o\x00n\x00 \x00D\x00a\x00t\x00a\x00\x00\x00 ValueName => APPDATA |
SUCCESS | 0x00000000 | |
| 09:17:18,061 | 1200 | RegEnumValueW |
Index => 4 Handle => 0x00000444 Data => C\x00:\x00\x00\x00 ValueName => HOMEDRIVE |
SUCCESS | 0x00000000 | |
| 09:17:18,061 | 1200 | RegEnumValueW |
Index => 5 Handle => 0x00000444 Data => \x00\x00 ValueName => HOMESHARE |
SUCCESS | 0x00000000 | |
| 09:17:18,061 | 1200 | RegEnumValueW |
Index => 6 Handle => 0x00000444 Data => \\x00D\x00o\x00c\x00u\x00m\x00e\x00n\x00t\x00s\x00 \x00a\x00n\x00d\x00 \x00S\x00e\x00t\x00t\x00i\x00n\x00g\x00s\x00\\x00T\x00D\x00W\x00\x00\x00 ValueName => HOMEPATH |
SUCCESS | 0x00000000 | |
| 09:17:18,061 | 1200 | RegEnumValueW |
Index => 7 Handle => 0x00000444 DataLength => 4096 ValueName => HOMEPATH Type => 36237476 |
FAILURE | 0x00000103 | |
| 09:17:18,061 | 1200 | RegCloseKey |
Handle => 0x00000444 |
SUCCESS | 0x00000000 | |
| 09:17:18,061 | 1200 | RegCloseKey |
Handle => 0x0000043c |
SUCCESS | 0x00000000 | |
| 09:17:18,061 | 1200 | NtFreeVirtualMemory |
FreeType => 0x00008000 ProcessHandle => 0xffffffff RegionSize => 0x00001000 BaseAddress => 0x02620000 |
SUCCESS | 0x00000000 | |
| 09:17:18,061 | 1200 | RegCloseKey |
Handle => 0x00000440 |
SUCCESS | 0x00000000 | |
| 09:17:18,061 | 1200 | RegOpenKeyExW |
Handle => 0x00000440 Registry => 0x80000003 SubKey => S-1-5-21-1935655697-1606980848-1060284298-1003 |
SUCCESS | 0x00000000 | |
| 09:17:18,061 | 1200 | RegCreateKeyExW |
Handle => 0x0000043c Access => 33554432 Registry => 0x00000440 Class => SubKey => Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders |
SUCCESS | 0x00000000 | |
| 09:17:18,061 | 1200 | RegCloseKey |
Handle => 0x00000440 |
SUCCESS | 0x00000000 | |
| 09:17:18,061 | 1200 | RegSetValueExW |
Handle => 0x0000043c Buffer => C\x00:\x00\\x00D\x00o\x00c\x00u\x00m\x00e\x00n\x00t\x00s\x00 \x00a\x00n\x00d\x00 \x00S\x00e\x00t\x00t\x00i\x00n\x00g\x00s\x00\\x00T\x00D\x00W\x00\\x00A\x00p\x00p\x00l\x00i\x00c\x00a\x00t\x00i\x00o\x00n\x00 \x00D\x00a\x00t\x00a\x00\x00\x00 ValueName => AppData Type => 1 |
SUCCESS | 0x00000000 | |
| 09:17:18,061 | 1200 | RegCloseKey |
Handle => 0x0000043c |
SUCCESS | 0x00000000 | |
| 09:17:18,061 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Microsoft\Network\Connections\Pbk\*.pbk |
SUCCESS | 4294967295 | |
| 09:17:18,061 | 1200 | RegCreateKeyExA |
Handle => 0x00000438 Access => 2 Registry => 0x00000430 Class => SubKey => Software\Microsoft\windows\CurrentVersion\Internet Settings |
SUCCESS | 0x00000000 | |
| 09:17:18,061 | 1200 | RegSetValueExA |
Handle => 0x00000438 Buffer => 1 ValueName => MigrateProxy Type => 4 |
SUCCESS | 0x00000000 | |
| 09:17:18,061 | 1200 | RegCloseKey |
Handle => 0x00000438 |
SUCCESS | 0x00000000 | |
| 09:17:18,061 | 1200 | RegOpenKeyExA |
Handle => 0x00000438 Registry => 0x00000430 SubKey => Software\Microsoft\windows\CurrentVersion\Internet Settings |
SUCCESS | 0x00000000 | |
| 09:17:18,061 | 1200 | RegQueryValueExA |
Handle => 0x00000438 Data => 0 ValueName => ProxyEnable |
SUCCESS | 0x00000000 | |
| 09:17:18,061 | 1200 | RegQueryValueExA |
Handle => 0x00000438 DataLength => 2084 ValueName => ProxyServer Type => 1080 |
FAILURE | 0x00000002 | |
| 09:17:18,061 | 1200 | RegQueryValueExA |
Handle => 0x00000438 DataLength => 2084 ValueName => ProxyOverride Type => 1080 |
FAILURE | 0x00000002 | |
| 09:17:18,061 | 1200 | RegQueryValueExA |
Handle => 0x00000438 DataLength => 2084 ValueName => AutoConfigURL Type => 1080 |
FAILURE | 0x00000002 | |
| 09:17:18,061 | 1200 | RegCloseKey |
Handle => 0x00000438 |
SUCCESS | 0x00000000 | |
| 09:17:18,061 | 1200 | RegCreateKeyExA |
Handle => 0x00000438 Access => 1 Registry => 0x00000430 Class => SubKey => Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections |
SUCCESS | 0x00000000 | |
| 09:17:18,061 | 1200 | RegQueryValueExA |
Handle => 0x00000438 DataLength => 56 ValueName => SavedLegacySettings Type => 3 |
SUCCESS | 0x00000000 | |
| 09:17:18,061 | 1200 | RegQueryValueExA |
Handle => 0x00000438 Data => ValueName => SavedLegacySettings |
SUCCESS | 0x00000000 | |
| 09:17:18,061 | 1200 | RegCloseKey |
Handle => 0x00000438 |
SUCCESS | 0x00000000 | |
| 09:17:18,061 | 1200 | RegCreateKeyExA |
Handle => 0x00000438 Access => 1 Registry => 0x00000430 Class => SubKey => Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections |
SUCCESS | 0x00000000 | |
| 09:17:18,061 | 1200 | RegQueryValueExA |
Handle => 0x00000438 DataLength => 56 ValueName => DefaultConnectionSettings Type => 3 |
SUCCESS | 0x00000000 | |
| 09:17:18,061 | 1200 | RegQueryValueExA |
Handle => 0x00000438 Data => ValueName => DefaultConnectionSettings |
SUCCESS | 0x00000000 | |
| 09:17:18,061 | 1200 | RegCloseKey |
Handle => 0x00000438 |
SUCCESS | 0x00000000 | |
| 09:17:18,061 | 1584 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x00000450 |
SUCCESS | 0x00000000 | |
| 09:17:18,061 | 1584 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000438 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:18,061 | 1200 | RegCreateKeyExA |
Handle => 0x00000450 Access => 131078 Registry => 0x00000430 Class => SubKey => Software\Microsoft\windows\CurrentVersion\Internet Settings |
SUCCESS | 0x00000000 | |
| 09:17:18,061 | 1200 | RegSetValueExA |
Handle => 0x00000450 Buffer => 0 ValueName => ProxyEnable Type => 4 |
SUCCESS | 0x00000000 | |
| 09:17:18,061 | 1200 | RegDeleteValueA |
Handle => 0x00000450 ValueName => ProxyServer |
FAILURE | 0x00000002 | |
| 09:17:18,061 | 1200 | RegDeleteValueA |
Handle => 0x00000450 ValueName => ProxyOverride |
FAILURE | 0x00000002 | |
| 09:17:18,061 | 1200 | RegDeleteValueA |
Handle => 0x00000450 ValueName => AutoConfigURL |
FAILURE | 0x00000002 | |
| 09:17:18,091 | 1584 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x002434b8 | |
| 09:17:18,091 | 1584 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x002434b8 | |
| 09:17:18,091 | 1584 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x00000438 |
SUCCESS | 0x00000000 | |
| 09:17:18,091 | 1584 | NtOpenDirectoryObject |
DirectoryHandle => 0x0000043c DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:18,091 | 1200 | RegCloseKey |
Handle => 0x00000450 |
SUCCESS | 0x00000000 | |
| 09:17:18,091 | 1200 | RegCreateKeyExA |
Handle => 0x00000450 Access => 2 Registry => 0x80000005 Class => SubKey => Software\Microsoft\windows\CurrentVersion\Internet Settings |
SUCCESS | 0x00000000 | |
| 09:17:18,091 | 1200 | RegSetValueExA |
Handle => 0x00000450 Buffer => 0 ValueName => ProxyEnable Type => 4 |
SUCCESS | 0x00000000 | |
| 09:17:18,091 | 1200 | RegCloseKey |
Handle => 0x00000450 |
SUCCESS | 0x00000000 | |
| 09:17:18,091 | 1200 | RegCreateKeyExA |
Handle => 0x00000450 Access => 1 Registry => 0x00000430 Class => SubKey => Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections |
SUCCESS | 0x00000000 | |
| 09:17:18,091 | 1200 | RegQueryValueExA |
Handle => 0x00000450 DataLength => 56 ValueName => SavedLegacySettings Type => 3 |
SUCCESS | 0x00000000 | |
| 09:17:18,091 | 1200 | RegQueryValueExA |
Handle => 0x00000450 Data => ValueName => SavedLegacySettings |
SUCCESS | 0x00000000 | |
| 09:17:18,091 | 1200 | RegCreateKeyExA |
Handle => 0x00000438 Access => 2 Registry => 0x00000430 Class => SubKey => Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections |
SUCCESS | 0x00000000 | |
| 09:17:18,091 | 1200 | RegCloseKey |
Handle => 0x00000450 |
SUCCESS | 0x00000000 | |
| 09:17:18,091 | 1200 | RegSetValueExA |
Handle => 0x00000438 Buffer => ValueName => SavedLegacySettings Type => 3 |
SUCCESS | 0x00000000 | |
| 09:17:18,091 | 1200 | RegCloseKey |
Handle => 0x00000438 |
SUCCESS | 0x00000000 | |
| 09:17:18,091 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000350 FileInformation => \x00\xc0\x03\x00\x00\x00\x00\x00\x00\xc0\x03\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 09:17:18,091 | 1200 | LdrLoadDll |
Flags => 36240264 BaseAddress => 0x7e1e0000 FileName => urlmon.dll |
SUCCESS | 0x00000000 | |
| 09:17:18,091 | 1200 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CoInternetCreateSecurityManager FunctionAddress => 0x7e1e30e7 ModuleHandle => 0x7e1e0000 |
SUCCESS | 0x00000000 | |
| 09:17:18,091 | 1200 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CoInternetCreateZoneManager FunctionAddress => 0x7e1e9bd7 ModuleHandle => 0x7e1e0000 |
SUCCESS | 0x00000000 | |
| 09:17:18,091 | 1200 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CoInternetIsFeatureEnabledForUrl FunctionAddress => 0x7e1ebb5e ModuleHandle => 0x7e1e0000 |
SUCCESS | 0x00000000 | |
| 09:17:18,101 | 1200 | RegOpenKeyExA |
Handle => 0x00000438 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ |
SUCCESS | 0x00000000 | |
| 09:17:18,101 | 1200 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ |
FAILURE | 0x00000002 | |
| 09:17:18,101 | 1200 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ |
FAILURE | 0x00000002 | |
| 09:17:18,101 | 1200 | RegOpenKeyExA |
Handle => 0x00000450 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ |
SUCCESS | 0x00000000 | |
| 09:17:18,101 | 1200 | RegOpenKeyExW |
Handle => 0x0000043c Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings |
SUCCESS | 0x00000000 | |
| 09:17:18,101 | 1200 | RegQueryValueExW |
Handle => 0x0000043c DataLength => 4 ValueName => Security_HKLM_only Type => 36238380 |
FAILURE | 0x00000002 | |
| 09:17:18,101 | 1200 | RegCloseKey |
Handle => 0x0000043c |
SUCCESS | 0x00000000 | |
| 09:17:18,101 | 1200 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl |
FAILURE | 0x00000002 | |
| 09:17:18,101 | 1200 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl |
FAILURE | 0x00000002 | |
| 09:17:18,101 | 1200 | RegOpenKeyExW |
Handle => 0x0000043c Registry => 0x80000002 SubKey => Software\Microsoft\Internet Explorer\Main\FeatureControl |
SUCCESS | 0x00000000 | |
| 09:17:18,101 | 1200 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Microsoft\Internet Explorer\Main\FeatureControl |
FAILURE | 0x00000002 | |
| 09:17:18,101 | 1200 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x0000043c SubKey => FEATURE_VALIDATE_URLHOSTNAME |
FAILURE | 0x00000002 | |
| 09:17:18,101 | 1200 | RegCloseKey |
Handle => 0x00000000 |
FAILURE | 0x00000006 | 1 time |
| 09:17:18,101 | 1200 | RegCloseKey |
Handle => 0x0000043c |
SUCCESS | 0x00000000 | |
| 09:17:18,101 | 1200 | RegCloseKey |
Handle => 0x00000000 |
FAILURE | 0x00000006 | |
| 09:17:18,101 | 1200 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x00000450 SubKey => Domains\adobe.com |
FAILURE | 0x00000002 | |
| 09:17:18,101 | 1200 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\adobe.com |
FAILURE | 0x00000002 | |
| 09:17:18,101 | 1200 | RegQueryValueExW |
Handle => 0x00000438 Data => 1 ValueName => IntranetName |
SUCCESS | 0x00000000 | |
| 09:17:18,101 | 1200 | RegQueryValueExW |
Handle => 0x00000438 Data => 1 ValueName => ProxyBypass |
SUCCESS | 0x00000000 | |
| 09:17:18,101 | 1200 | LdrLoadDll |
Flags => 36238460 BaseAddress => 0x771b0000 FileName => WININET.dll |
SUCCESS | 0x00000000 | |
| 09:17:18,101 | 1200 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => IsHostInProxyBypassList FunctionAddress => 0x771d3350 ModuleHandle => 0x771b0000 |
SUCCESS | 0x00000000 | |
| 09:17:18,101 | 1200 | RegOpenKeyExA |
Handle => 0x0000043c Registry => 0x00000450 SubKey => ProtocolDefaults\ |
SUCCESS | 0x00000000 | |
| 09:17:18,101 | 1200 | RegQueryValueExW |
Handle => 0x0000043c Data => 3 ValueName => https |
SUCCESS | 0x00000000 | |
| 09:17:18,101 | 1200 | RegCloseKey |
Handle => 0x0000043c |
SUCCESS | 0x00000000 | |
| 09:17:18,101 | 1200 | RegOpenKeyExA |
Handle => 0x0000043c Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 |
SUCCESS | 0x00000000 | |
| 09:17:18,101 | 1200 | RegQueryValueExW |
Handle => 0x0000043c Data => 1 ValueName => 1A10 |
SUCCESS | 0x00000000 | |
| 09:17:18,101 | 1200 | RegCloseKey |
Handle => 0x0000043c |
SUCCESS | 0x00000000 | |
| 09:17:18,101 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000350 FileInformation => \x00\xc0\x03\x00\x00\x00\x00\x00\x00\xc0\x03\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | 1 time |
| 09:17:18,101 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000364 FileInformation => \x00\x80\x00\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | 22 times |
| 09:17:18,101 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000350 FileInformation => \x00\xc0\x03\x00\x00\x00\x00\x00\x00\xc0\x03\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 09:17:18,101 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000364 FileInformation => \x00\x80\x00\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 09:17:18,101 | 1584 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f810 | |
| 09:17:18,862 | 1584 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f810 | |
| 09:17:18,872 | 1584 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f810 | |
| 09:17:18,872 | 1584 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x0000043c |
SUCCESS | 0x00000000 | |
| 09:17:18,872 | 1584 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000440 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:18,872 | 1200 | NtCreateFile |
ShareAccess => 1 FileName => C:\Documents and Settings\TDW\Cookies\tdw@adobe[2].txt DesiredAccess => 0x80100080 CreateDisposition => 1 FileHandle => 0x0000043c |
SUCCESS | 0x00000000 | |
| 09:17:18,872 | 1200 | NtQueryInformationFile |
FileHandle => 0x0000043c FileInformation => p\x00\x00\x00\x00\x00\x00\x00k\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 09:17:18,872 | 1200 | NtSetInformationFile |
FileHandle => 0x0000043c FileInformation => |
SUCCESS | 0x00000000 | |
| 09:17:18,872 | 1200 | NtReadFile |
Buffer => s_vi
[CS]v1|29D65EC68507B15F-4000010EE001FA5C[CE]
adobe.com/
1024
839917312
30527303
1280773376
30380519
*
FileHandle => 0x0000043c |
SUCCESS | 0x00000000 | |
| 09:17:18,882 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000350 FileInformation => \x00\xc0\x03\x00\x00\x00\x00\x00\x00\xc0\x03\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 09:17:18,882 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000364 FileInformation => \x00\x80\x00\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 09:17:18,882 | 1584 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f880 | |
| 09:17:18,882 | 1584 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f880 | |
| 09:17:18,882 | 1584 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f880 | |
| 09:17:18,892 | 1584 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f880 | |
| 09:17:18,892 | 1584 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x0000043c |
SUCCESS | 0x00000000 | |
| 09:17:18,892 | 1584 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000440 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:18,902 | 1584 | FindFirstFileExW |
FileName => C:\DOCUME~1 |
SUCCESS | 0x0025f880 | |
| 09:17:18,902 | 1584 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW |
SUCCESS | 0x0025f880 | |
| 09:17:18,912 | 1584 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1 |
SUCCESS | 0x0025f880 | |
| 09:17:18,912 | 1584 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp |
SUCCESS | 0x0025f880 | |
| 09:17:18,912 | 1584 | FindFirstFileExW |
FileName => C:\DOCUME~1 |
SUCCESS | 0x0025f880 | |
| 09:17:18,922 | 1584 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW |
SUCCESS | 0x0025f880 | |
| 09:17:18,922 | 1584 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x0000043c |
SUCCESS | 0x00000000 | |
| 09:17:18,922 | 1584 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000440 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:18,922 | 1584 | FindFirstFileExW |
FileName => C:\DOCUME~1 |
SUCCESS | 0x0025f880 | |
| 09:17:18,922 | 1584 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW |
SUCCESS | 0x0025f880 | |
| 09:17:18,922 | 1584 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1 |
SUCCESS | 0x0025f880 | |
| 09:17:18,962 | 1584 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Local Settings\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x0000043c |
SUCCESS | 0x00000000 | |
| 09:17:18,962 | 1584 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000440 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:19,023 | 1200 | RegQueryValueExA |
Handle => 0x0000034c DataLength => 4 ValueName => EnableAutodial Type => 844 |
FAILURE | 0x00000002 | |
| 09:17:19,023 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000350 FileInformation => \x00\xc0\x03\x00\x00\x00\x00\x00\x00\xc0\x03\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 09:17:19,023 | 1200 | getaddrinfo |
ServiceName => NodeName => service-updates.adobe.com |
FAILURE | 0x00002af9 | |
| 09:17:19,063 | 1584 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f880 | |
| 09:17:19,063 | 1584 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f880 | |
| 09:17:19,063 | 1584 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f880 | |
| 09:17:19,063 | 1584 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f880 | |
| 09:17:19,063 | 1584 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\Security |
SUCCESS | 0x0025f880 | |
| 09:17:19,103 | 1584 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f880 | |
| 09:17:19,103 | 1584 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x00000440 |
SUCCESS | 0x00000000 | |
| 09:17:19,103 | 1584 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000444 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:19,153 | 1584 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f880 | |
| 09:17:19,153 | 1584 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f880 | |
| 09:17:19,153 | 1584 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x00000444 |
SUCCESS | 0x00000000 | |
| 09:17:19,153 | 1584 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000448 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:19,183 | 1584 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f880 | |
| 09:17:19,183 | 1584 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f880 | |
| 09:17:19,193 | 1584 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f880 | |
| 09:17:19,193 | 1584 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x00000444 |
SUCCESS | 0x00000000 | |
| 09:17:19,193 | 1584 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000448 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:19,193 | 1200 | getaddrinfo |
ServiceName => NodeName => service-updates.adobe.com |
SUCCESS | 0x00000000 | |
| 09:17:19,193 | 1200 | socket |
type => 1 protocol => 6 af => 2 |
SUCCESS | 0x0000043c | |
| 09:17:19,193 | 1200 | ioctlsocket |
command => 2147772030 socket => 0x0000043c |
SUCCESS | 0x00000000 | |
| 09:17:19,193 | 1200 | bind |
ip => 0.0.0.0 socket => 0x0000043c port => 0 |
SUCCESS | 0x00000000 | |
| 09:17:19,193 | 1200 | NtDeviceIoControlFile |
InputBuffer => FileHandle => 0x0000043c OutputBuffer => \x01\x00\x00\x00\x01\x00\x00\x00\x0e\x00\x02\x00\x04\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 09:17:19,193 | 1200 | connect |
socket => 0x0000043c |
FAILURE | 4294967295 | |
| 09:17:19,193 | 520 | select |
socket => 0x00000001 |
SUCCESS | 0x00000001 | |
| 09:17:19,193 | 520 | WSARecv |
socket => 0x000003b0 |
SUCCESS | 0x00000000 | |
| 09:17:19,193 | 1200 | send |
buffer => ! socket => 0x000003b0 |
SUCCESS | 0x00000001 | |
| 09:17:19,193 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f880 | |
| 09:17:19,193 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f880 | |
| 09:17:19,193 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f880 | |
| 09:17:19,203 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f880 | |
| 09:17:19,203 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x00000454 |
SUCCESS | 0x00000000 | |
| 09:17:19,203 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000458 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:19,203 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1 |
SUCCESS | 0x0025f880 | |
| 09:17:19,203 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW |
SUCCESS | 0x0025f880 | |
| 09:17:19,203 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1 |
SUCCESS | 0x0025f880 | |
| 09:17:19,203 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp |
SUCCESS | 0x0025f880 | |
| 09:17:19,203 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1 |
SUCCESS | 0x0025f8b8 | |
| 09:17:19,203 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW |
SUCCESS | 0x0025f8b8 | |
| 09:17:19,203 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x00000454 |
SUCCESS | 0x00000000 | |
| 09:17:19,203 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000458 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:19,203 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1 |
SUCCESS | 0x0025f8b8 | |
| 09:17:19,203 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW |
SUCCESS | 0x0025f8b8 | |
| 09:17:19,203 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1 |
SUCCESS | 0x0025f8b8 | |
| 09:17:19,203 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Local Settings\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x00000454 |
SUCCESS | 0x00000000 | |
| 09:17:19,203 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000458 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:19,203 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1 |
SUCCESS | 0x0025f8b8 | |
| 09:17:19,203 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW |
SUCCESS | 0x0025f8b8 | |
| 09:17:19,203 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1 |
SUCCESS | 0x0025f8b8 | |
| 09:17:19,203 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp |
SUCCESS | 0x0025f8b8 | |
| 09:17:19,203 | 1200 | NtCreateFile |
ShareAccess => 1 FileName => C:\Documents and Settings\TDW\Local Settings\Temp\sep14cfs-c1.pdf DesiredAccess => 0x00120089 CreateDisposition => 1 FileHandle => 0x00000454 |
SUCCESS | 0x00000000 | |
| 09:17:19,203 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000458 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:19,203 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000454 FileInformation => W\x08i2\xaf\x91\xcf\x01 \xf7e\x99\x8a\xa2\xcf\x01\x17%o2\xaf\x91\xcf\x01\x17%o2\xaf\x91\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00`\x06\x00\x00\x00\x00\x00\xb6Y\x06\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\xfcK\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x89\x00\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00~\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:19,433 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f8b8 | |
| 09:17:19,433 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f8b8 | |
| 09:17:19,433 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f8b8 | |
| 09:17:19,433 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f8b8 | |
| 09:17:19,433 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000454 |
SUCCESS | 0x00000000 | |
| 09:17:19,443 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000458 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:19,443 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000454 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\x00\x1e\xe1\x96\x8a\xa2\xcf\x01 \xd6\xd1\x96\x8a\xa2\xcf\x01 \xd6\xd1\x96\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x000\x00\x00\x00\x00\x00\x00\x000\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:19,443 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f8b8 | |
| 09:17:19,453 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f8b8 | |
| 09:17:19,453 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f8b8 | |
| 09:17:19,453 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f8b8 | |
| 09:17:19,453 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000454 |
SUCCESS | 0x00000000 | |
| 09:17:19,463 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000458 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:19,463 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000454 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\x80\x10E\x9a\x8a\xa2\xcf\x01 \xd6\xd1\x96\x8a\xa2\xcf\x01 \xd6\xd1\x96\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x000\x00\x00\x00\x00\x00\x00\x000\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:19,463 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f8b8 | |
| 09:17:19,463 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f8b8 | |
| 09:17:19,463 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f8b8 | |
| 09:17:19,473 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f8b8 | |
| 09:17:19,473 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000454 |
SUCCESS | 0x00000000 | |
| 09:17:19,473 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000458 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:19,473 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000454 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\xe0\x1eH\x9a\x8a\xa2\xcf\x01 \xd6\xd1\x96\x8a\xa2\xcf\x01 \xd6\xd1\x96\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x000\x00\x00\x00\x00\x00\x00\x000\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:19,473 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f8b8 | |
| 09:17:19,473 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f8b8 | |
| 09:17:19,473 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f8b8 | |
| 09:17:19,473 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f8b8 | |
| 09:17:19,473 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000454 |
SUCCESS | 0x00000000 | |
| 09:17:19,473 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000458 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:19,473 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000454 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\x10\xa6I\x9a\x8a\xa2\xcf\x01 \xd6\xd1\x96\x8a\xa2\xcf\x01 \xd6\xd1\x96\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x000\x00\x00\x00\x00\x00\x00\x000\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:20,164 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1 |
SUCCESS | 0x0025f8b8 | |
| 09:17:20,174 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW |
SUCCESS | 0x0025f8b8 | |
| 09:17:20,174 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x00000454 |
SUCCESS | 0x00000000 | |
| 09:17:20,174 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000458 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:20,174 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1 |
SUCCESS | 0x0025f8b8 | |
| 09:17:20,174 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW |
SUCCESS | 0x0025f8b8 | |
| 09:17:20,224 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1 |
SUCCESS | 0x0025f8b8 | |
| 09:17:20,224 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Local Settings\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x00000454 |
SUCCESS | 0x00000000 | |
| 09:17:20,224 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000458 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:20,394 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f8b8 | |
| 09:17:20,394 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Local Settings\Temp |
SUCCESS | 0x0025f8b8 | |
| 09:17:21,586 | 1200 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CoRegisterClassObject FunctionAddress => 0x77517e90 ModuleHandle => 0x774e0000 |
SUCCESS | 0x00000000 | |
| 09:17:21,586 | 1200 | RegOpenKeyExW |
Handle => 0x00000454 Registry => 0x80000002 SubKey => Software\Microsoft\COM3 |
SUCCESS | 0x00000000 | |
| 09:17:21,586 | 1200 | RegQueryValueExW |
Handle => 0x00000454 Data => ValueName => REGDBVersion |
SUCCESS | 0x00000000 | |
| 09:17:21,586 | 1200 | RegCloseKey |
Handle => 0x00000454 |
SUCCESS | 0x00000000 | |
| 09:17:21,586 | 1200 | RegOpenKeyExW |
Handle => 0x00000454 Registry => 0x80000002 SubKey => Software\Microsoft\COM3 |
SUCCESS | 0x00000000 | |
| 09:17:21,616 | 1200 | RegQueryValueExW |
Handle => 0x00000454 Data => ValueName => REGDBVersion |
SUCCESS | 0x00000000 | |
| 09:17:21,616 | 1200 | RegCloseKey |
Handle => 0x00000454 |
SUCCESS | 0x00000000 | |
| 09:17:21,616 | 1200 | RegOpenKeyExW |
Handle => 0x00000456 Registry => 0x000002aa SubKey => CLSID\{B801CA65-A1FC-11D0-85AD-444553540000} |
SUCCESS | 0x00000000 | |
| 09:17:21,616 | 1200 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x00000456 SubKey => TreatAs |
FAILURE | 0x00000002 | |
| 09:17:21,616 | 1200 | RegOpenKeyExW |
Handle => 0x0000045a Registry => 0x000002aa SubKey => |
SUCCESS | 0x00000000 | |
| 09:17:21,616 | 1200 | RegCloseKey |
Handle => 0x00000456 |
SUCCESS | 0x00000000 | |
| 09:17:21,616 | 1200 | RegOpenKeyExW |
Handle => 0x00000456 Registry => 0x0000045a SubKey => CLSID\{B801CA65-A1FC-11D0-85AD-444553540000} |
SUCCESS | 0x00000000 | |
| 09:17:21,616 | 1200 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x00000456 SubKey => InprocServer32 |
FAILURE | 0x00000002 | |
| 09:17:21,626 | 1200 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x00000456 SubKey => InprocServerX86 |
FAILURE | 0x00000002 | |
| 09:17:21,626 | 1200 | RegOpenKeyExW |
Handle => 0x0000045e Registry => 0x00000456 SubKey => LocalServer32 |
SUCCESS | 0x00000000 | |
| 09:17:21,626 | 1200 | RegQueryValueExW |
Handle => 0x0000045e DataLength => 1000 ValueName => LocalServer32 Type => 33359984 |
FAILURE | 0x00000002 | |
| 09:17:21,626 | 1200 | RegCloseKey |
Handle => 0x0000045e |
SUCCESS | 0x00000000 | |
| 09:17:21,626 | 1200 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x00000456 SubKey => InprocServer32 |
FAILURE | 0x00000002 | |
| 09:17:21,626 | 1200 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x00000456 SubKey => InprocServerX86 |
FAILURE | 0x00000002 | |
| 09:17:21,626 | 1200 | RegOpenKeyExW |
Handle => 0x0000045e Registry => 0x00000456 SubKey => InprocHandler32 |
SUCCESS | 0x00000000 | |
| 09:17:21,626 | 1200 | RegQueryValueExW |
Handle => 0x0000045e Data => o\x00l\x00e\x003\x002\x00.\x00d\x00l\x00l\x00\x00\x00 ValueName => |
SUCCESS | 0x00000000 | |
| 09:17:21,626 | 1200 | RegCloseKey |
Handle => 0x0000045e |
SUCCESS | 0x00000000 | |
| 09:17:21,626 | 1200 | RegOpenKeyExW |
Handle => 0x0000045e Registry => 0x00000456 SubKey => LocalServer32 |
SUCCESS | 0x00000000 | |
| 09:17:21,626 | 1200 | RegQueryValueExW |
Handle => 0x0000045e Data => "\x00C\x00:\x00\\x00P\x00r\x00o\x00g\x00r\x00a\x00m\x00 \x00F\x00i\x00l\x00e\x00s\x00\\x00A\x00d\x00o\x00b\x00e\x00\\x00R\x00e\x00a\x00d\x00e\x00r\x00 \x001\x001\x00.\x000\x00\\x00R\x00e\x00a\x00d\x00e\x00r\x00\\x00A\x00c\x00r\x00o\x00R\x00d\x003\x002\x00.\x00e\x00x\x00e\x00"\x00\x00\x00 ValueName => |
SUCCESS | 0x00000000 | |
| 09:17:21,626 | 1200 | RegCloseKey |
Handle => 0x0000045e |
SUCCESS | 0x00000000 | |
| 09:17:21,626 | 1200 | RegCloseKey |
Handle => 0x00000456 |
SUCCESS | 0x00000000 | |
| 09:17:21,626 | 1200 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => C:\WINDOWS\system32\winlogon.exe |
FAILURE | 3221225781 | 1 time |
| 09:17:21,646 | 1200 | RegOpenKeyExW |
Handle => 0x00000460 Registry => 0x80000002 SubKey => Software\Microsoft\Ole |
SUCCESS | 0x00000000 | |
| 09:17:21,646 | 1200 | RegQueryValueExW |
Handle => 0x00000460 DataLength => 4 ValueName => MaximumAllowedAllocationSize Type => 36238932 |
FAILURE | 0x00000002 | |
| 09:17:21,646 | 1200 | RegCloseKey |
Handle => 0x00000460 |
SUCCESS | 0x00000000 | |
| 09:17:21,646 | 1200 | LdrLoadDll |
Flags => 36238896 BaseAddress => 0x02720000 FileName => xpsp2res.dll |
SUCCESS | 0x00000000 | |
| 09:17:21,646 | 1200 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000000 SubKey => AppID\AcroRd32.exe |
FAILURE | 0x00000002 | |
| 09:17:21,646 | 1200 | RegOpenKeyExW |
Handle => 0x00000464 Registry => 0x80000002 SubKey => SOFTWARE\Microsoft\OLE |
SUCCESS | 0x00000000 | |
| 09:17:21,646 | 1200 | RegQueryValueExW |
Handle => 0x00000464 DataLength => 256 ValueName => DefaultAccessPermission Type => 33394024 |
FAILURE | 0x00000002 | |
| 09:17:21,646 | 1200 | RegCloseKey |
Handle => 0x00000464 |
SUCCESS | 0x00000000 | |
| 09:17:21,646 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => PIPE\lsarpc DesiredAccess => 0xc0100080 CreateDisposition => 1 FileHandle => 0x00000468 |
SUCCESS | 0x00000000 | |
| 09:17:21,646 | 1200 | NtSetInformationFile |
FileHandle => 0x00000468 FileInformation => |
SUCCESS | 0x00000000 | 1 time |
| 09:17:21,656 | 1200 | NtWriteFile |
Buffer => \x05\x00\x0b\x03\x10\x00\x00\x00H\x00\x00\x00\x01\x00\x00\x00\xb8\x10\xb8\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x01\x00xW4\x124\x12\xcd\xab\xef\x00\x01#Eg\x89\xab\x00\x00\x00\x00\x04]\x88\x8a\xeb\x1c\xc9\x11\x9f\xe8\x08\x00+\x10H`\x02\x00\x00\x00 FileHandle => 0x00000468 |
SUCCESS | 0x00000000 | |
| 09:17:21,656 | 1200 | NtReadFile |
Buffer => \x05\x00\x0c\x03\x10\x00\x00\x00D\x00\x00\x00\x01\x00\x00\x00\xb8\x10\xb8\x10\xacE\x00\x00\x0c\x00\PIPE\lsass\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x04]\x88\x8a\xeb\x1c\xc9\x11\x9f\xe8\x08\x00+\x10H`\x02\x00\x00\x00 FileHandle => 0x00000468 |
SUCCESS | 0x00000000 | |
| 09:17:21,656 | 1200 | NtOpenKey |
DesiredAccess => 131097 KeyHandle => 0x00000464 ObjectAttributes => \Registry\Machine\System\CurrentControlSet\Control\ComputerName |
SUCCESS | 0x00000000 | |
| 09:17:21,656 | 1200 | NtOpenKey |
DesiredAccess => 131097 KeyHandle => 0x00000468 ObjectAttributes => ActiveComputerName |
SUCCESS | 0x00000000 | |
| 09:17:21,656 | 1200 | NtQueryValueKey |
Information => T\x00U\x00R\x00B\x00O\x00P\x00C\x00\x00\x00 KeyHandle => 0x00000468 ValueName => ComputerName Type => 1 |
SUCCESS | 0x00000000 | |
| 09:17:21,656 | 1200 | CreateThread |
ThreadId => 1904 StartRoutine => 0x77e76c7d Parameter => 0x001ef748 CreationFlags => 0 |
SUCCESS | 0x00000460 | |
| 09:17:21,656 | 1200 | LdrLoadDll |
Flags => 36239812 BaseAddress => 0x774e0000 FileName => OLE32 |
SUCCESS | 0x00000000 | |
| 09:17:21,656 | 1200 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CoGetClassObject FunctionAddress => 0x775156c5 ModuleHandle => 0x774e0000 |
SUCCESS | 0x00000000 | |
| 09:17:21,656 | 1200 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CoGetMarshalSizeMax FunctionAddress => 0x7752d6c0 ModuleHandle => 0x774e0000 |
SUCCESS | 0x00000000 | |
| 09:17:21,656 | 1200 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CoMarshalInterface FunctionAddress => 0x7750ea71 ModuleHandle => 0x774e0000 |
SUCCESS | 0x00000000 | |
| 09:17:21,656 | 1200 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CoUnmarshalInterface FunctionAddress => 0x7752d7f4 ModuleHandle => 0x774e0000 |
SUCCESS | 0x00000000 | |
| 09:17:21,656 | 1200 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => StringFromIID FunctionAddress => 0x7754659b ModuleHandle => 0x774e0000 |
SUCCESS | 0x00000000 | |
| 09:17:21,656 | 1200 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CoGetPSClsid FunctionAddress => 0x775197f0 ModuleHandle => 0x774e0000 |
SUCCESS | 0x00000000 | |
| 09:17:21,656 | 1200 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CoTaskMemAlloc FunctionAddress => 0x774fd060 ModuleHandle => 0x774e0000 |
SUCCESS | 0x00000000 | |
| 09:17:21,656 | 1200 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CoTaskMemFree FunctionAddress => 0x774fd044 ModuleHandle => 0x774e0000 |
SUCCESS | 0x00000000 | |
| 09:17:21,656 | 1200 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CoCreateInstance FunctionAddress => 0x7750057e ModuleHandle => 0x774e0000 |
SUCCESS | 0x00000000 | |
| 09:17:21,656 | 1200 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CoReleaseMarshalData FunctionAddress => 0x7750df23 ModuleHandle => 0x774e0000 |
SUCCESS | 0x00000000 | |
| 09:17:21,656 | 1200 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => DcomChannelSetHResult FunctionAddress => 0x7752b1b7 ModuleHandle => 0x774e0000 |
SUCCESS | 0x00000000 | |
| 09:17:21,666 | 1200 | CreateThread |
ThreadId => 1908 StartRoutine => 0x774fe43b Parameter => 0x001e5dc8 CreationFlags => 0 |
SUCCESS | 0x00000474 | |
| 09:17:21,676 | 1200 | RegCloseKey |
Handle => 0x0000045a |
SUCCESS | 0x00000000 | |
| 09:17:21,676 | 1200 | RegOpenKeyExW |
Handle => 0x00000458 Registry => 0x80000002 SubKey => Software\Microsoft\COM3 |
SUCCESS | 0x00000000 | |
| 09:17:21,676 | 1200 | RegQueryValueExW |
Handle => 0x00000458 Data => ValueName => REGDBVersion |
SUCCESS | 0x00000000 | |
| 09:17:21,716 | 1908 | LdrLoadDll |
Flags => 46071668 BaseAddress => 0x774e0000 FileName => OLE32.DLL |
SUCCESS | 0x00000000 | |
| 09:17:21,716 | 1908 | NtDelayExecution |
Milliseconds => 60000 |
SUCCESS | 0x00000000 | |
| 09:17:21,716 | 1200 | RegCloseKey |
Handle => 0x00000458 |
SUCCESS | 0x00000000 | |
| 09:17:21,716 | 1200 | RegOpenKeyExW |
Handle => 0x00000458 Registry => 0x80000002 SubKey => Software\Microsoft\COM3 |
SUCCESS | 0x00000000 | |
| 09:17:21,716 | 1200 | RegQueryValueExW |
Handle => 0x00000458 Data => ValueName => REGDBVersion |
SUCCESS | 0x00000000 | |
| 09:17:21,716 | 1200 | RegCloseKey |
Handle => 0x00000458 |
SUCCESS | 0x00000000 | |
| 09:17:21,716 | 1200 | RegOpenKeyExW |
Handle => 0x0000045a Registry => 0x000002aa SubKey => CLSID\{B801CA65-A1FC-11D0-85AD-444553540000} |
SUCCESS | 0x00000000 | |
| 09:17:21,716 | 1200 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x0000045a SubKey => TreatAs |
FAILURE | 0x00000002 | |
| 09:17:21,716 | 1200 | RegOpenKeyExW |
Handle => 0x0000047e Registry => 0x000002aa SubKey => |
SUCCESS | 0x00000000 | |
| 09:17:21,716 | 1200 | RegCloseKey |
Handle => 0x0000045a |
SUCCESS | 0x00000000 | |
| 09:17:21,716 | 1200 | RegOpenKeyExW |
Handle => 0x0000045a Registry => 0x0000047e SubKey => CLSID\{B801CA65-A1FC-11D0-85AD-444553540000} |
SUCCESS | 0x00000000 | |
| 09:17:21,716 | 1200 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x0000045a SubKey => InprocServer32 |
FAILURE | 0x00000002 | |
| 09:17:21,716 | 1200 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x0000045a SubKey => InprocServerX86 |
FAILURE | 0x00000002 | |
| 09:17:21,716 | 1200 | RegOpenKeyExW |
Handle => 0x00000482 Registry => 0x0000045a SubKey => LocalServer32 |
SUCCESS | 0x00000000 | |
| 09:17:21,716 | 1200 | RegQueryValueExW |
Handle => 0x00000482 DataLength => 1000 ValueName => LocalServer32 Type => 33359984 |
FAILURE | 0x00000002 | |
| 09:17:21,716 | 1200 | RegCloseKey |
Handle => 0x00000482 |
SUCCESS | 0x00000000 | |
| 09:17:21,716 | 1200 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x0000045a SubKey => InprocServer32 |
FAILURE | 0x00000002 | |
| 09:17:21,716 | 1200 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x0000045a SubKey => InprocServerX86 |
FAILURE | 0x00000002 | |
| 09:17:21,716 | 1200 | RegOpenKeyExW |
Handle => 0x00000482 Registry => 0x0000045a SubKey => InprocHandler32 |
SUCCESS | 0x00000000 | |
| 09:17:21,716 | 1200 | RegQueryValueExW |
Handle => 0x00000482 Data => o\x00l\x00e\x003\x002\x00.\x00d\x00l\x00l\x00\x00\x00 ValueName => |
SUCCESS | 0x00000000 | |
| 09:17:21,716 | 1200 | RegCloseKey |
Handle => 0x00000482 |
SUCCESS | 0x00000000 | |
| 09:17:21,716 | 1200 | RegOpenKeyExW |
Handle => 0x00000482 Registry => 0x0000045a SubKey => LocalServer32 |
SUCCESS | 0x00000000 | |
| 09:17:21,716 | 1200 | RegQueryValueExW |
Handle => 0x00000482 Data => "\x00C\x00:\x00\\x00P\x00r\x00o\x00g\x00r\x00a\x00m\x00 \x00F\x00i\x00l\x00e\x00s\x00\\x00A\x00d\x00o\x00b\x00e\x00\\x00R\x00e\x00a\x00d\x00e\x00r\x00 \x001\x001\x00.\x000\x00\\x00R\x00e\x00a\x00d\x00e\x00r\x00\\x00A\x00c\x00r\x00o\x00R\x00d\x003\x002\x00.\x00e\x00x\x00e\x00"\x00\x00\x00 ValueName => |
SUCCESS | 0x00000000 | |
| 09:17:21,716 | 1200 | RegCloseKey |
Handle => 0x00000482 |
SUCCESS | 0x00000000 | |
| 09:17:21,716 | 1200 | RegCloseKey |
Handle => 0x0000045a |
SUCCESS | 0x00000000 | |
| 09:17:21,716 | 1200 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CoResumeClassObjects FunctionAddress => 0x77526d50 ModuleHandle => 0x774e0000 |
SUCCESS | 0x00000000 | |
| 09:17:21,736 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f928 | |
| 09:17:21,736 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f928 | |
| 09:17:21,736 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f928 | |
| 09:17:21,736 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f928 | |
| 09:17:21,736 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000458 |
SUCCESS | 0x00000000 | |
| 09:17:21,736 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000480 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:21,736 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000458 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01@-K\x9a\x8a\xa2\xcf\x01 \xd6\xd1\x96\x8a\xa2\xcf\x01 \xd6\xd1\x96\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x000\x00\x00\x00\x00\x00\x00\x000\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:21,736 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f928 | |
| 09:17:21,736 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f928 | |
| 09:17:21,736 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f928 | |
| 09:17:21,736 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f928 | |
| 09:17:21,736 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000458 |
SUCCESS | 0x00000000 | |
| 09:17:21,736 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000480 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:21,736 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000458 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01@-K\x9a\x8a\xa2\xcf\x01 \xd6\xd1\x96\x8a\xa2\xcf\x01 \xd6\xd1\x96\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x000\x00\x00\x00\x00\x00\x00\x000\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:21,776 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1 |
SUCCESS | 0x0025f928 | |
| 09:17:21,776 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW |
SUCCESS | 0x0025f928 | |
| 09:17:21,776 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1 |
SUCCESS | 0x0025f928 | |
| 09:17:21,776 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp |
SUCCESS | 0x0025f928 | |
| 09:17:21,776 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1 |
SUCCESS | 0x0025f928 | |
| 09:17:21,776 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW |
SUCCESS | 0x0025f928 | |
| 09:17:21,776 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1 |
SUCCESS | 0x0025f928 | |
| 09:17:21,776 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp |
SUCCESS | 0x0025f928 | |
| 09:17:21,776 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x00000458 |
SUCCESS | 0x00000000 | |
| 09:17:21,776 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000480 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:21,776 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\A9R65E4.tmp |
SUCCESS | 4294967295 | |
| 09:17:21,837 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f928 | |
| 09:17:21,887 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1 |
SUCCESS | 0x0025f928 | |
| 09:17:21,897 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW |
SUCCESS | 0x0025f928 | |
| 09:17:21,897 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1 |
SUCCESS | 0x0025f928 | |
| 09:17:21,897 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp |
SUCCESS | 0x0025f928 | |
| 09:17:21,897 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1 |
SUCCESS | 0x0025f928 | |
| 09:17:21,897 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW |
SUCCESS | 0x0025f928 | |
| 09:17:21,897 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x00000458 |
SUCCESS | 0x00000000 | |
| 09:17:21,897 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000480 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:21,897 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1 |
SUCCESS | 0x0025f928 | |
| 09:17:21,897 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW |
SUCCESS | 0x0025f928 | |
| 09:17:21,897 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1 |
SUCCESS | 0x0025f928 | |
| 09:17:21,897 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Local Settings\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x00000458 |
SUCCESS | 0x00000000 | |
| 09:17:21,897 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000480 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:21,897 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1 |
SUCCESS | 0x0025f928 | |
| 09:17:21,897 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW |
SUCCESS | 0x0025f928 | |
| 09:17:21,897 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1 |
SUCCESS | 0x0025f928 | |
| 09:17:21,897 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp |
SUCCESS | 0x0025f928 | |
| 09:17:21,907 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1 |
SUCCESS | 0x0025f928 | |
| 09:17:21,907 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW |
SUCCESS | 0x0025f928 | |
| 09:17:21,907 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x00000458 |
SUCCESS | 0x00000000 | |
| 09:17:21,907 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000480 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:21,907 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1 |
SUCCESS | 0x0025f928 | |
| 09:17:21,907 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW |
SUCCESS | 0x0025f928 | |
| 09:17:21,907 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1 |
SUCCESS | 0x0025f928 | |
| 09:17:21,907 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Local Settings\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x00000458 |
SUCCESS | 0x00000000 | |
| 09:17:21,907 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000480 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:21,907 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1 |
SUCCESS | 0x0025f928 | |
| 09:17:21,907 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW |
SUCCESS | 0x0025f928 | |
| 09:17:21,907 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1 |
SUCCESS | 0x0025f928 | |
| 09:17:21,907 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp |
SUCCESS | 0x0025f928 | |
| 09:17:21,917 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1 |
SUCCESS | 0x0025f928 | |
| 09:17:21,917 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW |
SUCCESS | 0x0025f928 | |
| 09:17:21,917 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x00000458 |
SUCCESS | 0x00000000 | |
| 09:17:21,917 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000480 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:21,917 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1 |
SUCCESS | 0x0025f928 | |
| 09:17:21,917 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW |
SUCCESS | 0x0025f928 | |
| 09:17:21,917 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1 |
SUCCESS | 0x0025f928 | |
| 09:17:21,917 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Local Settings\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x00000458 |
SUCCESS | 0x00000000 | |
| 09:17:21,917 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000480 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:21,917 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f928 | |
| 09:17:21,917 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f928 | |
| 09:17:21,917 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f928 | |
| 09:17:21,917 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f928 | |
| 09:17:21,917 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\Security |
SUCCESS | 0x0025f928 | |
| 09:17:21,917 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f928 | |
| 09:17:21,917 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x00000458 |
SUCCESS | 0x00000000 | |
| 09:17:21,917 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000480 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:21,917 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f928 | |
| 09:17:21,917 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f928 | |
| 09:17:21,917 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x00000458 |
SUCCESS | 0x00000000 | |
| 09:17:21,917 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000480 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:21,917 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f928 | |
| 09:17:21,917 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f928 | |
| 09:17:21,917 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f928 | |
| 09:17:21,917 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x00000458 |
SUCCESS | 0x00000000 | |
| 09:17:21,917 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000480 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:21,917 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f928 | |
| 09:17:21,917 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f928 | |
| 09:17:21,917 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f928 | |
| 09:17:21,917 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f928 | |
| 09:17:21,927 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x00000458 |
SUCCESS | 0x00000000 | |
| 09:17:21,927 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000480 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:21,927 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1 |
SUCCESS | 0x0025f928 | |
| 09:17:21,927 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW |
SUCCESS | 0x0025f928 | |
| 09:17:21,927 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1 |
SUCCESS | 0x0025f928 | |
| 09:17:21,927 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp |
SUCCESS | 0x0025f928 | |
| 09:17:21,927 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1 |
SUCCESS | 0x0025f928 | |
| 09:17:21,927 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW |
SUCCESS | 0x0025f928 | |
| 09:17:21,927 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x00000458 |
SUCCESS | 0x00000000 | |
| 09:17:21,927 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000480 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:21,937 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1 |
SUCCESS | 0x0025f928 | |
| 09:17:21,937 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW |
SUCCESS | 0x0025f928 | |
| 09:17:21,937 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1 |
SUCCESS | 0x0025f928 | |
| 09:17:21,937 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Local Settings\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x00000458 |
SUCCESS | 0x00000000 | |
| 09:17:21,937 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000480 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:21,947 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f928 | |
| 09:17:21,947 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f928 | |
| 09:17:21,947 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f928 | |
| 09:17:21,947 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f928 | |
| 09:17:21,947 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\Security |
SUCCESS | 0x0025f928 | |
| 09:17:21,947 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f928 | |
| 09:17:21,947 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x00000458 |
SUCCESS | 0x00000000 | |
| 09:17:21,947 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000480 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:21,947 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f928 | |
| 09:17:21,947 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f928 | |
| 09:17:21,947 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x00000458 |
SUCCESS | 0x00000000 | |
| 09:17:21,947 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000480 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:21,947 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f928 | |
| 09:17:21,947 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f928 | |
| 09:17:21,947 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f928 | |
| 09:17:21,947 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x00000458 |
SUCCESS | 0x00000000 | |
| 09:17:21,947 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000480 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:21,947 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f928 | |
| 09:17:21,947 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f928 | |
| 09:17:21,947 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f928 | |
| 09:17:21,947 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f928 | |
| 09:17:21,947 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x00000458 |
SUCCESS | 0x00000000 | |
| 09:17:21,947 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000480 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:21,947 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1 |
SUCCESS | 0x0025f928 | |
| 09:17:21,947 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW |
SUCCESS | 0x0025f928 | |
| 09:17:21,947 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1 |
SUCCESS | 0x0025f928 | |
| 09:17:21,947 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp |
SUCCESS | 0x0025f928 | |
| 09:17:21,947 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1 |
SUCCESS | 0x0025f928 | |
| 09:17:21,947 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW |
SUCCESS | 0x0025f928 | |
| 09:17:21,947 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x00000458 |
SUCCESS | 0x00000000 | |
| 09:17:21,947 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000480 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:21,947 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1 |
SUCCESS | 0x0025f928 | |
| 09:17:21,947 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW |
SUCCESS | 0x0025f928 | |
| 09:17:21,947 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1 |
SUCCESS | 0x0025f928 | |
| 09:17:21,947 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Local Settings\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x00000458 |
SUCCESS | 0x00000000 | |
| 09:17:21,947 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000480 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:22,007 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1 |
SUCCESS | 0x0025f928 | |
| 09:17:22,007 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW |
SUCCESS | 0x0025f928 | |
| 09:17:22,007 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1 |
SUCCESS | 0x0025f928 | |
| 09:17:22,007 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp |
SUCCESS | 0x0025f928 | |
| 09:17:22,007 | 1200 | NtCreateFile |
ShareAccess => 0 FileName => C:\Documents and Settings\TDW\Local Settings\Temp\sep14cfs-c1.pdf DesiredAccess => 0x00100080 CreateDisposition => 1 FileHandle => 0x00000458 |
SUCCESS | 0x00000000 | |
| 09:17:22,007 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f928 | |
| 09:17:22,007 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Local Settings\Temp |
SUCCESS | 0x0025f928 | |
| 09:17:22,007 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f928 | |
| 09:17:22,007 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Local Settings\Temp |
SUCCESS | 0x0025f928 | |
| 09:17:22,007 | 1200 | NtCreateFile |
ShareAccess => 0 FileName => C:\Documents and Settings\TDW\Local Settings\Temp\sep14cfs-c1.pdf DesiredAccess => 0x00100080 CreateDisposition => 1 FileHandle => 0x00000458 |
SUCCESS | 0x00000000 | |
| 09:17:22,007 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f928 | |
| 09:17:22,007 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Local Settings\Temp |
SUCCESS | 0x0025f928 | |
| 09:17:22,097 | 1200 | RegCreateKeyExW |
Handle => 0x00000458 Access => 131078 Registry => 0x80000001 Class => SubKey => Software\Adobe\Acrobat Reader\11.0\AVGeneral |
SUCCESS | 0x00000000 | |
| 09:17:22,097 | 1200 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x00000458 SubKey => cRecentFiles |
FAILURE | 0x00000002 | |
| 09:17:22,097 | 1200 | RegCreateKeyExW |
Handle => 0x00000480 Access => 131078 Registry => 0x80000001 Class => SubKey => Software\Adobe\Acrobat Reader\11.0\AVGeneral\cRecentFiles\c1 |
SUCCESS | 0x00000000 | |
| 09:17:22,097 | 1200 | RegSetValueExW |
Handle => 0x00000480 Buffer => D\x00O\x00S\x00\x00\x00 ValueName => aFS Type => 1 |
SUCCESS | 0x00000000 | |
| 09:17:22,097 | 1200 | RegSetValueExW |
Handle => 0x00000480 Buffer => /\x00C\x00/\x00D\x00O\x00C\x00U\x00M\x00E\x00~\x001\x00/\x00T\x00D\x00W\x00/\x00L\x00O\x00C\x00A\x00L\x00S\x00~\x001\x00/\x00T\x00e\x00m\x00p\x00/\x00s\x00e\x00p\x001\x004\x00c\x00f\x00s\x00-\x00c\x001\x00.\x00p\x00d\x00f\x00\x00\x00 ValueName => tDIText Type => 1 |
SUCCESS | 0x00000000 | |
| 09:17:22,107 | 1200 | RegSetValueExW |
Handle => 0x00000480 Buffer => ValueName => sDI Type => 3 |
SUCCESS | 0x00000000 | |
| 09:17:22,107 | 1200 | RegSetValueExW |
Handle => 0x00000480 Buffer => ValueName => sDate Type => 3 |
SUCCESS | 0x00000000 | |
| 09:17:22,107 | 1200 | RegSetValueExW |
Handle => 0x00000480 Buffer => 416182 ValueName => uFileSize Type => 4 |
SUCCESS | 0x00000000 | |
| 09:17:22,107 | 1200 | RegSetValueExW |
Handle => 0x00000480 Buffer => 1 ValueName => uPageCount Type => 4 |
SUCCESS | 0x00000000 | |
| 09:17:22,107 | 1200 | RegCloseKey |
Handle => 0x00000480 |
SUCCESS | 0x00000000 | |
| 09:17:22,107 | 1200 | RegCloseKey |
Handle => 0x00000458 |
SUCCESS | 0x00000000 | |
| 09:17:22,187 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1 |
SUCCESS | 0x0025f928 | |
| 09:17:22,187 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW |
SUCCESS | 0x0025f928 | |
| 09:17:22,187 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1 |
SUCCESS | 0x0025f928 | |
| 09:17:22,187 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp |
SUCCESS | 0x0025f928 | |
| 09:17:22,187 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Local Settings\Temp\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x00000458 |
SUCCESS | 0x00000000 | |
| 09:17:22,187 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000480 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:22,187 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1 |
SUCCESS | 0x0025f928 | |
| 09:17:22,187 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW |
SUCCESS | 0x0025f928 | |
| 09:17:22,187 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1 |
SUCCESS | 0x0025f928 | |
| 09:17:22,187 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp |
SUCCESS | 0x0025f928 | |
| 09:17:22,207 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f928 | |
| 09:17:22,207 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x00000458 |
SUCCESS | 0x00000000 | |
| 09:17:22,207 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000480 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:22,207 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f928 | |
| 09:17:22,217 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Local Settings\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x00000458 |
SUCCESS | 0x00000000 | |
| 09:17:22,217 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000480 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:22,217 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f928 | |
| 09:17:22,217 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f928 | |
| 09:17:22,217 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f928 | |
| 09:17:22,217 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f928 | |
| 09:17:22,217 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000458 |
SUCCESS | 0x00000000 | |
| 09:17:22,217 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000480 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:22,217 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000458 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01p\xfe\xa2\x9b\x8a\xa2\xcf\x01 \xd6\xd1\x96\x8a\xa2\xcf\x01 \xd6\xd1\x96\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x000\x00\x00\x00\x00\x00\x00\x000\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:22,217 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f928 | |
| 09:17:22,217 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f928 | |
| 09:17:22,217 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f928 | |
| 09:17:22,217 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f928 | |
| 09:17:22,217 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000458 |
SUCCESS | 0x00000000 | |
| 09:17:22,217 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000480 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:22,227 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000458 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01pW\xec\x9b\x8a\xa2\xcf\x01 \xd6\xd1\x96\x8a\xa2\xcf\x01 \xd6\xd1\x96\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x000\x00\x00\x00\x00\x00\x00\x000\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:22,227 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f928 | |
| 09:17:22,227 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f928 | |
| 09:17:22,227 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f928 | |
| 09:17:22,227 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f928 | |
| 09:17:22,227 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000458 |
SUCCESS | 0x00000000 | |
| 09:17:22,227 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000480 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:22,227 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000458 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\xa0\xde\xed\x9b\x8a\xa2\xcf\x01 \xd6\xd1\x96\x8a\xa2\xcf\x01 \xd6\xd1\x96\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x000\x00\x00\x00\x00\x00\x00\x000\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:22,227 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f928 | |
| 09:17:22,227 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f928 | |
| 09:17:22,227 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f928 | |
| 09:17:22,227 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f928 | |
| 09:17:22,237 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000458 |
SUCCESS | 0x00000000 | |
| 09:17:22,237 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000480 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:22,237 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000458 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\xa0\xde\xed\x9b\x8a\xa2\xcf\x01 \xd6\xd1\x96\x8a\xa2\xcf\x01 \xd6\xd1\x96\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x000\x00\x00\x00\x00\x00\x00\x000\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:22,237 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f928 | |
| 09:17:22,237 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f928 | |
| 09:17:22,237 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f928 | |
| 09:17:22,237 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f928 | |
| 09:17:22,237 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000458 |
SUCCESS | 0x00000000 | |
| 09:17:22,237 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000480 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:22,237 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000458 FileInformation => \xc0T\xb6\x96\x8a\xa2\xcf\x01\xd0e\xef\x9b\x8a\xa2\xcf\x01\xd0e\xef\x9b\x8a\xa2\xcf\x01\xd0e\xef\x9b\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00YL\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\xac\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:22,287 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f928 | |
| 09:17:22,287 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f928 | |
| 09:17:22,287 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f928 | |
| 09:17:22,287 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f928 | |
| 09:17:22,287 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f928 | |
| 09:17:22,287 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f928 | |
| 09:17:22,287 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f928 | |
| 09:17:22,297 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f928 | |
| 09:17:22,297 | 1200 | NtCreateFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x00010080 CreateDisposition => 1 FileHandle => 0x00000458 |
SUCCESS | 0x00000000 | |
| 09:17:22,297 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000480 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:22,297 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f928 | |
| 09:17:22,297 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f928 | |
| 09:17:22,297 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f928 | |
| 09:17:22,297 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x00000458 |
SUCCESS | 0x00000000 | |
| 09:17:22,297 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000480 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:22,297 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f928 | |
| 09:17:22,297 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f928 | |
| 09:17:22,297 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f928 | |
| 09:17:22,297 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x00000458 |
SUCCESS | 0x00000000 | |
| 09:17:22,297 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000480 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:22,297 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f928 | |
| 09:17:22,307 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f928 | |
| 09:17:22,307 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f928 | |
| 09:17:22,307 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f928 | |
| 09:17:22,307 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x00000458 |
SUCCESS | 0x00000000 | |
| 09:17:22,307 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000480 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:22,307 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f928 | |
| 09:17:22,307 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f928 | |
| 09:17:22,307 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f928 | |
| 09:17:22,307 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f928 | |
| 09:17:22,307 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x00000458 |
SUCCESS | 0x00000000 | |
| 09:17:22,307 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000480 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:22,307 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f928 | |
| 09:17:22,307 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f928 | |
| 09:17:22,307 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f928 | |
| 09:17:22,307 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f928 | |
| 09:17:22,307 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f928 | |
| 09:17:22,307 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f928 | |
| 09:17:22,307 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f928 | |
| 09:17:22,317 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f928 | |
| 09:17:22,317 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\assets DesiredAccess => 0x00100001 CreateDisposition => 2 FileHandle => 0x00000458 |
SUCCESS | 0x00000000 | |
| 09:17:22,317 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000480 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:22,698 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f928 | |
| 09:17:22,698 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f928 | |
| 09:17:22,698 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f928 | |
| 09:17:22,698 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f928 | |
| 09:17:22,698 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000458 |
SUCCESS | 0x00000000 | |
| 09:17:22,698 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000480 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:22,698 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000458 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\xc0 \xf7\x9b\x8a\xa2\xcf\x01\xc0 \xf7\x9b\x8a\xa2\xcf\x01\xc0 \xf7\x9b\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:22,698 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f928 | |
| 09:17:22,698 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f928 | |
| 09:17:22,698 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f928 | |
| 09:17:22,708 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f928 | |
| 09:17:22,708 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000458 |
SUCCESS | 0x00000000 | |
| 09:17:22,708 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000480 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:22,708 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000458 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01p\xb05\x9c\x8a\xa2\xcf\x01\xc0 \xf7\x9b\x8a\xa2\xcf\x01\xc0 \xf7\x9b\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:22,708 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f928 | |
| 09:17:22,708 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f928 | |
| 09:17:22,708 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f928 | |
| 09:17:22,708 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f928 | |
| 09:17:22,708 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000458 |
SUCCESS | 0x00000000 | |
| 09:17:22,708 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000480 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:22,708 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000458 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\xa077\x9c\x8a\xa2\xcf\x01\xc0 \xf7\x9b\x8a\xa2\xcf\x01\xc0 \xf7\x9b\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:22,708 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f928 | |
| 09:17:22,718 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f928 | |
| 09:17:22,718 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f928 | |
| 09:17:22,718 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f928 | |
| 09:17:22,718 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000458 |
SUCCESS | 0x00000000 | |
| 09:17:22,718 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000480 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:22,718 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000458 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\xa077\x9c\x8a\xa2\xcf\x01\xc0 \xf7\x9b\x8a\xa2\xcf\x01\xc0 \xf7\x9b\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:22,718 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000350 FileInformation => \x00\xc0\x03\x00\x00\x00\x00\x00\x00\xc0\x03\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 09:17:22,718 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1 |
SUCCESS | 0x0025f960 | |
| 09:17:22,728 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW |
SUCCESS | 0x0025f960 | |
| 09:17:22,728 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1 |
SUCCESS | 0x0025f960 | |
| 09:17:22,728 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp |
SUCCESS | 0x0025f960 | |
| 09:17:22,728 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1 |
SUCCESS | 0x0025f960 | |
| 09:17:22,728 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW |
SUCCESS | 0x0025f960 | |
| 09:17:22,728 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1 |
SUCCESS | 0x0025f960 | |
| 09:17:22,728 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp |
SUCCESS | 0x0025f960 | |
| 09:17:22,728 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x00000458 |
SUCCESS | 0x00000000 | |
| 09:17:22,728 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000480 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:22,728 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\A9R65E5.tmp |
SUCCESS | 4294967295 | |
| 09:17:22,728 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1 |
SUCCESS | 0x0025f960 | |
| 09:17:22,728 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW |
SUCCESS | 0x0025f960 | |
| 09:17:22,728 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1 |
SUCCESS | 0x0025f960 | |
| 09:17:22,728 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp |
SUCCESS | 0x0025f960 | |
| 09:17:22,728 | 1200 | NtCreateFile |
ShareAccess => 0 FileName => C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\A9R65E5.tmp DesiredAccess => 0x0012019f CreateDisposition => 5 FileHandle => 0x00000458 |
SUCCESS | 0x00000000 | |
| 09:17:22,728 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000480 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:22,728 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000458 FileInformation => \x00F:\x9c\x8a\xa2\xcf\x01\x00F:\x9c\x8a\xa2\xcf\x01\x00F:\x9c\x8a\xa2\xcf\x01\x00F:\x9c\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00ZL\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x90\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:22,738 | 1200 | OpenSCManagerW |
MachineName => DatabaseName => DesiredAccess => 2147483648 |
SUCCESS | 0x00243d00 | |
| 09:17:22,738 | 1200 | OpenServiceW |
ServiceControlManager => 0x00243d00 ServiceName => RASMAN DesiredAccess => 4 |
SUCCESS | 0x00243c88 | |
| 09:17:22,748 | 1200 | RegQueryValueExA |
Handle => 0x0000034c DataLength => 4 ValueName => EnableAutodial Type => 844 |
FAILURE | 0x00000002 | |
| 09:17:22,748 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000350 FileInformation => \x00\xc0\x03\x00\x00\x00\x00\x00\x00\xc0\x03\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 09:17:22,748 | 1200 | RegQueryValueExA |
Handle => 0x0000034c DataLength => 4 ValueName => EnableAutodial Type => 844 |
FAILURE | 0x00000002 | |
| 09:17:22,748 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000350 FileInformation => \x00\xc0\x03\x00\x00\x00\x00\x00\x00\xc0\x03\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 09:17:22,748 | 1200 | getaddrinfo |
ServiceName => NodeName => acroipm2.adobe.com |
FAILURE | 0x00002af9 | |
| 09:17:22,808 | 1200 | getaddrinfo |
ServiceName => NodeName => acroipm2.adobe.com |
SUCCESS | 0x00000000 | |
| 09:17:22,808 | 1200 | socket |
type => 1 protocol => 6 af => 2 |
SUCCESS | 0x0000048c | |
| 09:17:22,808 | 1200 | ioctlsocket |
command => 2147772030 socket => 0x0000048c |
SUCCESS | 0x00000000 | |
| 09:17:22,808 | 1200 | bind |
ip => 0.0.0.0 socket => 0x0000048c port => 0 |
SUCCESS | 0x00000000 | |
| 09:17:22,808 | 1200 | NtDeviceIoControlFile |
InputBuffer => FileHandle => 0x0000048c OutputBuffer => \x01\x00\x00\x00\x01\x00\x00\x00\x0e\x00\x02\x00\x04\x15\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 09:17:22,808 | 1200 | connect |
socket => 0x0000048c |
FAILURE | 4294967295 | |
| 09:17:22,818 | 520 | select |
socket => 0x00000002 |
SUCCESS | 0x00000001 | |
| 09:17:22,818 | 520 | WSARecv |
socket => 0x000003b0 |
SUCCESS | 0x00000000 | |
| 09:17:22,818 | 1200 | send |
buffer => ! socket => 0x000003b0 |
SUCCESS | 0x00000001 | |
| 09:17:23,499 | 1200 | NtCreateKey |
ObjectAttributes => Software\Adobe\Acrobat Reader\11.0\ServicesRdr DesiredAccess => 196639 KeyHandle => 0x00000498 Class => |
SUCCESS | 0x00000000 | |
| 09:17:23,499 | 1200 | NtCreateKey |
ObjectAttributes => ccom_2E_adobe DesiredAccess => 196639 KeyHandle => 0x00000498 Class => |
SUCCESS | 0x00000000 | |
| 09:17:23,499 | 1200 | NtCreateKey |
ObjectAttributes => ccom_2E_adobe_2E_acrobat_2E_services_2E_DEXShare DesiredAccess => 196639 KeyHandle => 0x00000498 Class => |
SUCCESS | 0x00000000 | |
| 09:17:23,499 | 1200 | NtCreateKey |
ObjectAttributes => cSharePanel DesiredAccess => 196639 KeyHandle => 0x00000498 Class => |
SUCCESS | 0x00000000 | |
| 09:17:23,509 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1 |
SUCCESS | 0x0025f9d0 | |
| 09:17:23,509 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:23,509 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1 |
SUCCESS | 0x0025f9d0 | |
| 09:17:23,509 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp |
SUCCESS | 0x0025f9d0 | |
| 09:17:23,509 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Local Settings\Temp\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:23,509 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:23,559 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1 |
SUCCESS | 0x0025f9d0 | |
| 09:17:23,559 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:23,559 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1 |
SUCCESS | 0x0025f9d0 | |
| 09:17:23,559 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp |
SUCCESS | 0x0025f9d0 | |
| 09:17:23,569 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Local Settings\Temp\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:23,569 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:23,579 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1 |
SUCCESS | 0x0025f9d0 | |
| 09:17:23,579 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:23,579 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1 |
SUCCESS | 0x0025f9d0 | |
| 09:17:23,579 | 1200 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp |
SUCCESS | 0x0025f9d0 | |
| 09:17:23,579 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Local Settings\Temp\ DesiredAccess => 0x00100001 CreateDisposition => 1 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:23,579 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:23,609 | 1200 | NtOpenKey |
DesiredAccess => 65547 KeyHandle => 0x00000498 ObjectAttributes => Software\Adobe\Adobe Synchronizer\11.0\CredentialsV2 |
SUCCESS | 0x00000000 | |
| 09:17:23,609 | 1200 | NtCreateKey |
ObjectAttributes => Software\Adobe\Acrobat Reader\11.0\ServicesRdr DesiredAccess => 196639 KeyHandle => 0x00000498 Class => |
SUCCESS | 0x00000000 | |
| 09:17:23,609 | 1200 | NtCreateKey |
ObjectAttributes => ccom_2E_adobe DesiredAccess => 196639 KeyHandle => 0x00000498 Class => |
SUCCESS | 0x00000000 | |
| 09:17:23,609 | 1200 | NtCreateKey |
ObjectAttributes => ccom_2E_adobe_2E_acrobat_2E_services_2E_DEXShare DesiredAccess => 196639 KeyHandle => 0x00000498 Class => |
SUCCESS | 0x00000000 | |
| 09:17:23,619 | 1200 | NtCreateKey |
ObjectAttributes => cSharePanel DesiredAccess => 196639 KeyHandle => 0x00000498 Class => |
SUCCESS | 0x00000000 | |
| 09:17:23,649 | 1200 | NtCreateKey |
ObjectAttributes => Software\Adobe\Acrobat Reader\11.0\ServicesRdr DesiredAccess => 196639 KeyHandle => 0x00000498 Class => |
SUCCESS | 0x00000000 | |
| 09:17:23,649 | 1200 | NtCreateKey |
ObjectAttributes => ccom_2E_adobe DesiredAccess => 196639 KeyHandle => 0x00000498 Class => |
SUCCESS | 0x00000000 | |
| 09:17:23,649 | 1200 | NtCreateKey |
ObjectAttributes => ccom_2E_adobe_2E_acrobat_2E_services_2E_DEXShare DesiredAccess => 196639 KeyHandle => 0x00000498 Class => |
SUCCESS | 0x00000000 | |
| 09:17:23,649 | 1200 | NtCreateKey |
ObjectAttributes => cSharePanel DesiredAccess => 196639 KeyHandle => 0x00000498 Class => |
SUCCESS | 0x00000000 | |
| 09:17:24,691 | 1200 | FindFirstFileExW |
FileName => C:\WINDOWS |
SUCCESS | 0x0025f9d0 | |
| 09:17:24,691 | 1200 | FindFirstFileExW |
FileName => C:\WINDOWS\system32 |
SUCCESS | 0x0025f9d0 | |
| 09:17:24,691 | 1200 | FindFirstFileExW |
FileName => C:\WINDOWS\system32\shell32.dll |
SUCCESS | 0x0025f9d0 | |
| 09:17:24,691 | 1200 | FindFirstFileExW |
FileName => C:\WINDOWS |
SUCCESS | 0x0025f9d0 | |
| 09:17:24,701 | 1200 | FindFirstFileExW |
FileName => C:\WINDOWS\system32 |
SUCCESS | 0x0025f9d0 | |
| 09:17:24,701 | 1200 | FindFirstFileExW |
FileName => C:\WINDOWS\system32\shell32.dll |
SUCCESS | 0x0025f9d0 | |
| 09:17:24,701 | 1200 | FindFirstFileExW |
FileName => C:\WINDOWS |
SUCCESS | 0x0025f9d0 | |
| 09:17:24,701 | 1200 | FindFirstFileExW |
FileName => C:\WINDOWS\system32 |
SUCCESS | 0x0025f9d0 | |
| 09:17:24,701 | 1200 | FindFirstFileExW |
FileName => C:\WINDOWS\system32\shell32.dll |
SUCCESS | 0x0025f9d0 | |
| 09:17:24,701 | 1200 | FindFirstFileExW |
FileName => C:\WINDOWS |
SUCCESS | 0x0025f9d0 | |
| 09:17:24,701 | 1200 | FindFirstFileExW |
FileName => C:\WINDOWS\system32 |
SUCCESS | 0x0025f9d0 | |
| 09:17:24,701 | 1200 | FindFirstFileExW |
FileName => C:\WINDOWS\system32\shell32.dll |
SUCCESS | 0x0025f9d0 | |
| 09:17:24,721 | 1200 | FindFirstFileExW |
FileName => C:\WINDOWS |
SUCCESS | 0x0025f9d0 | 3 times |
| 09:17:24,811 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:24,811 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:24,811 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:24,811 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:24,811 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:24,811 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:24,811 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\xd0\xbe8\x9c\x8a\xa2\xcf\x01\xc0 \xf7\x9b\x8a\xa2\xcf\x01\xc0 \xf7\x9b\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:24,811 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:24,811 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:24,811 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:24,811 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:24,811 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:24,811 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:24,811 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\xd0\xbe8\x9c\x8a\xa2\xcf\x01\xc0 \xf7\x9b\x8a\xa2\xcf\x01\xc0 \xf7\x9b\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:24,821 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:24,821 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:24,821 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:24,821 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:24,821 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:24,821 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:24,821 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\x00\x1dx\x9d\x8a\xa2\xcf\x01\xc0 \xf7\x9b\x8a\xa2\xcf\x01\xc0 \xf7\x9b\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:24,841 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:24,841 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:24,841 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:24,841 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:24,841 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:24,841 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:24,841 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x010\xa4y\x9d\x8a\xa2\xcf\x01\xc0 \xf7\x9b\x8a\xa2\xcf\x01\xc0 \xf7\x9b\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:24,841 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:24,841 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:24,841 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:24,841 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:24,841 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:24,841 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:24,851 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x010\xa4y\x9d\x8a\xa2\xcf\x01\xc0 \xf7\x9b\x8a\xa2\xcf\x01\xc0 \xf7\x9b\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:24,851 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:24,851 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:24,851 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:24,851 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:24,851 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:24,851 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:24,851 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\xc09~\x9d\x8a\xa2\xcf\x01\xc0 \xf7\x9b\x8a\xa2\xcf\x01\xc0 \xf7\x9b\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:24,871 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:24,871 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:24,871 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:24,871 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:24,871 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:24,871 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:24,871 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\xc09~\x9d\x8a\xa2\xcf\x01\xc0 \xf7\x9b\x8a\xa2\xcf\x01\xc0 \xf7\x9b\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:24,871 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:24,871 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:24,871 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:24,871 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:24,871 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:24,871 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:24,871 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\xc09~\x9d\x8a\xa2\xcf\x01\xc0 \xf7\x9b\x8a\xa2\xcf\x01\xc0 \xf7\x9b\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:24,871 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:24,871 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:24,871 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:24,871 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:24,871 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:24,871 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:24,871 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01 H\x81\x9d\x8a\xa2\xcf\x01\xc0 \xf7\x9b\x8a\xa2\xcf\x01\xc0 \xf7\x9b\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:24,881 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:24,881 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:24,881 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:24,881 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:24,881 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:24,881 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:24,881 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01 H\x81\x9d\x8a\xa2\xcf\x01\xc0 \xf7\x9b\x8a\xa2\xcf\x01\xc0 \xf7\x9b\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:24,881 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:24,881 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:24,881 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:24,881 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:24,881 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:24,881 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:24,881 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01 H\x81\x9d\x8a\xa2\xcf\x01\xc0 \xf7\x9b\x8a\xa2\xcf\x01\xc0 \xf7\x9b\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:24,891 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:24,891 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:24,891 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:24,891 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:24,891 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:24,891 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:24,891 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\x80V\x84\x9d\x8a\xa2\xcf\x01\xc0 \xf7\x9b\x8a\xa2\xcf\x01\xc0 \xf7\x9b\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:24,891 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:24,891 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:24,901 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:24,901 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:24,901 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:24,901 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:24,901 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\x80V\x84\x9d\x8a\xa2\xcf\x01\xc0 \xf7\x9b\x8a\xa2\xcf\x01\xc0 \xf7\x9b\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:24,901 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:24,901 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:24,901 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:24,901 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:24,901 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:24,901 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:24,901 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\x80V\x84\x9d\x8a\xa2\xcf\x01\xc0 \xf7\x9b\x8a\xa2\xcf\x01\xc0 \xf7\x9b\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:24,911 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:24,911 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:24,911 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:24,911 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:24,911 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:24,911 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:24,911 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\xe0d\x87\x9d\x8a\xa2\xcf\x01\xc0 \xf7\x9b\x8a\xa2\xcf\x01\xc0 \xf7\x9b\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:24,931 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:24,931 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:24,931 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:24,931 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:24,931 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:24,931 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:24,931 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\xe0d\x87\x9d\x8a\xa2\xcf\x01\xc0 \xf7\x9b\x8a\xa2\xcf\x01\xc0 \xf7\x9b\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:24,931 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:24,931 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:24,931 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:24,931 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:24,931 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:24,931 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:24,931 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\xe0d\x87\x9d\x8a\xa2\xcf\x01\xc0 \xf7\x9b\x8a\xa2\xcf\x01\xc0 \xf7\x9b\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:24,931 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:24,931 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:24,931 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:24,931 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:24,931 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:24,931 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:24,931 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01@s\x8a\x9d\x8a\xa2\xcf\x01\xc0 \xf7\x9b\x8a\xa2\xcf\x01\xc0 \xf7\x9b\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:24,941 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:24,941 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:24,941 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:24,941 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:24,941 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:24,941 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:24,941 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01@s\x8a\x9d\x8a\xa2\xcf\x01\xc0 \xf7\x9b\x8a\xa2\xcf\x01\xc0 \xf7\x9b\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:24,941 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:24,941 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:24,951 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:24,951 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:24,951 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:24,951 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:24,951 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01@s\x8a\x9d\x8a\xa2\xcf\x01\xc0 \xf7\x9b\x8a\xa2\xcf\x01\xc0 \xf7\x9b\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:24,971 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:24,971 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:24,971 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:24,971 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:24,971 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:24,971 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:24,971 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\xa0\x81\x8d\x9d\x8a\xa2\xcf\x01\xc0 \xf7\x9b\x8a\xa2\xcf\x01\xc0 \xf7\x9b\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:24,971 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:24,971 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:24,971 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:24,971 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:24,971 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:24,971 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:24,971 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\xa0\x81\x8d\x9d\x8a\xa2\xcf\x01\xc0 \xf7\x9b\x8a\xa2\xcf\x01\xc0 \xf7\x9b\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:24,971 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:24,971 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:24,971 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:24,971 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:24,971 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:24,971 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:24,971 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\x00\x90\x90\x9d\x8a\xa2\xcf\x01\xc0 \xf7\x9b\x8a\xa2\xcf\x01\xc0 \xf7\x9b\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:24,971 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:24,981 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:24,981 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:24,981 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:24,981 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:24,981 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:24,981 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\x00\x90\x90\x9d\x8a\xa2\xcf\x01\xc0 \xf7\x9b\x8a\xa2\xcf\x01\xc0 \xf7\x9b\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:24,981 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:24,981 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:24,981 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:24,981 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:24,981 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:24,981 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:24,991 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x010\x17\x92\x9d\x8a\xa2\xcf\x01\xc0 \xf7\x9b\x8a\xa2\xcf\x01\xc0 \xf7\x9b\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:24,991 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:24,991 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:24,991 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:24,991 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:24,991 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:24,991 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:24,991 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x010\x17\x92\x9d\x8a\xa2\xcf\x01\xc0 \xf7\x9b\x8a\xa2\xcf\x01\xc0 \xf7\x9b\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:25,001 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,001 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,001 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,001 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,001 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:25,001 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:25,001 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01`\x9e\x93\x9d\x8a\xa2\xcf\x01\xc0 \xf7\x9b\x8a\xa2\xcf\x01\xc0 \xf7\x9b\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:25,001 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,001 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,001 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,001 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,001 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:25,001 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:25,001 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01`\x9e\x93\x9d\x8a\xa2\xcf\x01\xc0 \xf7\x9b\x8a\xa2\xcf\x01\xc0 \xf7\x9b\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:25,011 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,011 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,011 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,011 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,011 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:25,011 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:25,011 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\xc0\xac\x96\x9d\x8a\xa2\xcf\x01\xc0 \xf7\x9b\x8a\xa2\xcf\x01\xc0 \xf7\x9b\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:25,011 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,011 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,011 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,011 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,011 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:25,011 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:25,011 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\xc0\xac\x96\x9d\x8a\xa2\xcf\x01\xc0 \xf7\x9b\x8a\xa2\xcf\x01\xc0 \xf7\x9b\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:25,021 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,021 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,021 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,021 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,031 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:25,031 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:25,031 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\xf03\x98\x9d\x8a\xa2\xcf\x01\xc0 \xf7\x9b\x8a\xa2\xcf\x01\xc0 \xf7\x9b\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:25,081 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,081 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,081 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,081 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,081 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:25,081 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:25,081 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01 \xbb\x99\x9d\x8a\xa2\xcf\x01\xc0 \xf7\x9b\x8a\xa2\xcf\x01\xc0 \xf7\x9b\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:25,081 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,081 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,081 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,091 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,091 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:25,091 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:25,091 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01 \xbb\x99\x9d\x8a\xa2\xcf\x01\xc0 \xf7\x9b\x8a\xa2\xcf\x01\xc0 \xf7\x9b\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:25,091 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,091 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,091 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,091 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,091 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:25,091 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:25,091 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01@\xe6\xa2\x9d\x8a\xa2\xcf\x01\xc0 \xf7\x9b\x8a\xa2\xcf\x01\xc0 \xf7\x9b\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:25,111 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,111 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,111 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,111 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,111 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:25,111 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:25,111 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01@\xe6\xa2\x9d\x8a\xa2\xcf\x01\xc0 \xf7\x9b\x8a\xa2\xcf\x01\xc0 \xf7\x9b\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:25,111 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,111 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,111 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,111 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,111 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:25,111 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:25,111 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01@\xe6\xa2\x9d\x8a\xa2\xcf\x01\xc0 \xf7\x9b\x8a\xa2\xcf\x01\xc0 \xf7\x9b\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:25,121 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,121 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,121 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,121 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,121 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:25,121 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:25,121 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\xd0{\xa7\x9d\x8a\xa2\xcf\x01\xc0 \xf7\x9b\x8a\xa2\xcf\x01\xc0 \xf7\x9b\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:25,131 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,131 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,131 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,131 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,131 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:25,131 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:25,131 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\xd0{\xa7\x9d\x8a\xa2\xcf\x01\xc0 \xf7\x9b\x8a\xa2\xcf\x01\xc0 \xf7\x9b\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:25,131 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,141 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,141 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,141 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,141 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:25,141 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:25,141 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\xd0{\xa7\x9d\x8a\xa2\xcf\x01\xc0 \xf7\x9b\x8a\xa2\xcf\x01\xc0 \xf7\x9b\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:25,141 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,141 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,141 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,141 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,141 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:25,141 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:25,141 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x010\x8a\xaa\x9d\x8a\xa2\xcf\x01\xc0 \xf7\x9b\x8a\xa2\xcf\x01\xc0 \xf7\x9b\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:25,161 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,161 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,161 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,161 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,161 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:25,161 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:25,161 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x010\x8a\xaa\x9d\x8a\xa2\xcf\x01\xc0 \xf7\x9b\x8a\xa2\xcf\x01\xc0 \xf7\x9b\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:25,161 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,161 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,171 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,171 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,171 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:25,171 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:25,171 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\x90\x98\xad\x9d\x8a\xa2\xcf\x01\xc0 \xf7\x9b\x8a\xa2\xcf\x01\xc0 \xf7\x9b\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:25,171 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,171 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,171 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,171 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,171 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:25,181 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:25,181 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\xc0\x1f\xaf\x9d\x8a\xa2\xcf\x01\xc0 \xf7\x9b\x8a\xa2\xcf\x01\xc0 \xf7\x9b\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:25,181 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,181 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,181 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,181 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,201 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:25,201 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:25,201 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \xc0T\xb6\x96\x8a\xa2\xcf\x01\xf0\xa6\xb0\x9d\x8a\xa2\xcf\x01\xf0\xa6\xb0\x9d\x8a\xa2\xcf\x01\xf0\xa6\xb0\x9d\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00[L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\xac\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:25,211 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,211 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,211 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,211 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,211 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,211 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,211 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,221 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,221 | 1200 | NtCreateFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x00010080 CreateDisposition => 1 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:25,221 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:25,221 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,221 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,221 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,221 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,221 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:25,221 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:25,221 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\x80<\xb5\x9d\x8a\xa2\xcf\x01\x80<\xb5\x9d\x8a\xa2\xcf\x01\x80<\xb5\x9d\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:25,221 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,221 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,221 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,221 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,221 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:25,231 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:25,231 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\xb0\xc3\xb6\x9d\x8a\xa2\xcf\x01\x80<\xb5\x9d\x8a\xa2\xcf\x01\x80<\xb5\x9d\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:25,231 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,231 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,231 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,231 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,231 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:25,231 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:25,231 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \xc0T\xb6\x96\x8a\xa2\xcf\x01\xe0J\xb8\x9d\x8a\xa2\xcf\x01\xe0J\xb8\x9d\x8a\xa2\xcf\x01\xe0J\xb8\x9d\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00[L\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\xac\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:25,241 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,241 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,241 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,241 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,241 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,241 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,241 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,241 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,241 | 1200 | NtCreateFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x00010080 CreateDisposition => 1 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:25,241 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:25,241 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,241 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,241 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,241 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,241 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:25,241 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:25,241 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\x10\xd2\xb9\x9d\x8a\xa2\xcf\x01\x10\xd2\xb9\x9d\x8a\xa2\xcf\x01\x10\xd2\xb9\x9d\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:25,251 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,251 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,251 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,251 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,251 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:25,251 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:25,251 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\x10\xd2\xb9\x9d\x8a\xa2\xcf\x01\x10\xd2\xb9\x9d\x8a\xa2\xcf\x01\x10\xd2\xb9\x9d\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:25,251 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,251 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,251 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,251 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,251 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:25,251 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:25,251 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01@Y\xbb\x9d\x8a\xa2\xcf\x01\x10\xd2\xb9\x9d\x8a\xa2\xcf\x01\x10\xd2\xb9\x9d\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:25,282 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,282 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,282 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,282 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,282 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:25,282 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:25,282 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01p\xe0\xbc\x9d\x8a\xa2\xcf\x01\x10\xd2\xb9\x9d\x8a\xa2\xcf\x01\x10\xd2\xb9\x9d\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:25,292 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,292 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,292 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,292 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,292 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:25,292 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:25,292 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01p\xe0\xbc\x9d\x8a\xa2\xcf\x01\x10\xd2\xb9\x9d\x8a\xa2\xcf\x01\x10\xd2\xb9\x9d\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:25,302 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,302 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,302 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,302 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,302 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:25,302 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:25,302 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x010\xfd\xc2\x9d\x8a\xa2\xcf\x01\x10\xd2\xb9\x9d\x8a\xa2\xcf\x01\x10\xd2\xb9\x9d\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:25,322 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,322 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,322 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,322 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,322 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:25,322 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:25,322 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x010\xfd\xc2\x9d\x8a\xa2\xcf\x01\x10\xd2\xb9\x9d\x8a\xa2\xcf\x01\x10\xd2\xb9\x9d\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:25,322 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,322 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,322 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,322 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,332 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:25,332 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:25,332 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x010\xfd\xc2\x9d\x8a\xa2\xcf\x01\x10\xd2\xb9\x9d\x8a\xa2\xcf\x01\x10\xd2\xb9\x9d\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:25,332 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,332 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,332 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,332 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,332 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:25,332 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:25,342 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\xc0\x92\xc7\x9d\x8a\xa2\xcf\x01\x10\xd2\xb9\x9d\x8a\xa2\xcf\x01\x10\xd2\xb9\x9d\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:25,352 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,352 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,352 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,352 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,352 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:25,352 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:25,352 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\xf0\x19\xc9\x9d\x8a\xa2\xcf\x01\x10\xd2\xb9\x9d\x8a\xa2\xcf\x01\x10\xd2\xb9\x9d\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:25,352 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,352 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,352 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,352 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,352 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:25,362 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:25,362 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\xf0\x19\xc9\x9d\x8a\xa2\xcf\x01\x10\xd2\xb9\x9d\x8a\xa2\xcf\x01\x10\xd2\xb9\x9d\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:25,362 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,362 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,362 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,362 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,362 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:25,362 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:25,372 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01P(\xcc\x9d\x8a\xa2\xcf\x01\x10\xd2\xb9\x9d\x8a\xa2\xcf\x01\x10\xd2\xb9\x9d\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:25,372 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,372 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,372 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,372 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,372 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:25,372 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:25,372 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\x80\xaf\xcd\x9d\x8a\xa2\xcf\x01\x10\xd2\xb9\x9d\x8a\xa2\xcf\x01\x10\xd2\xb9\x9d\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:25,382 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,382 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,382 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,382 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,382 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:25,382 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:25,382 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\x80\xaf\xcd\x9d\x8a\xa2\xcf\x01\x10\xd2\xb9\x9d\x8a\xa2\xcf\x01\x10\xd2\xb9\x9d\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:25,382 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,382 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,392 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,392 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,392 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:25,392 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:25,392 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\xb06\xcf\x9d\x8a\xa2\xcf\x01\x10\xd2\xb9\x9d\x8a\xa2\xcf\x01\x10\xd2\xb9\x9d\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:25,402 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,402 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,402 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,402 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,402 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:25,402 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:25,402 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\xe0\xbd\xd0\x9d\x8a\xa2\xcf\x01\x10\xd2\xb9\x9d\x8a\xa2\xcf\x01\x10\xd2\xb9\x9d\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:25,402 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,402 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,402 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,402 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,412 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:25,412 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:25,412 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\xe0\xbd\xd0\x9d\x8a\xa2\xcf\x01\x10\xd2\xb9\x9d\x8a\xa2\xcf\x01\x10\xd2\xb9\x9d\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:25,412 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,412 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,412 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,412 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,412 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:25,412 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:25,412 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01@\xcc\xd3\x9d\x8a\xa2\xcf\x01\x10\xd2\xb9\x9d\x8a\xa2\xcf\x01\x10\xd2\xb9\x9d\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:25,432 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,432 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,432 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,432 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,432 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:25,432 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:25,432 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01@\xcc\xd3\x9d\x8a\xa2\xcf\x01\x10\xd2\xb9\x9d\x8a\xa2\xcf\x01\x10\xd2\xb9\x9d\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:25,432 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,432 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,432 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,432 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,432 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:25,432 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:25,432 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01@\xcc\xd3\x9d\x8a\xa2\xcf\x01\x10\xd2\xb9\x9d\x8a\xa2\xcf\x01\x10\xd2\xb9\x9d\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:25,442 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,442 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,442 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,442 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,442 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:25,442 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:25,442 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\xd0a\xd8\x9d\x8a\xa2\xcf\x01\x10\xd2\xb9\x9d\x8a\xa2\xcf\x01\x10\xd2\xb9\x9d\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:25,442 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,442 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,442 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,442 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,442 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:25,442 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:25,442 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\xd0a\xd8\x9d\x8a\xa2\xcf\x01\x10\xd2\xb9\x9d\x8a\xa2\xcf\x01\x10\xd2\xb9\x9d\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:25,442 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,452 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,452 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,452 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,452 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:25,452 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:25,452 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\xd0a\xd8\x9d\x8a\xa2\xcf\x01\x10\xd2\xb9\x9d\x8a\xa2\xcf\x01\x10\xd2\xb9\x9d\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:25,452 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,452 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,452 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,452 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,452 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:25,452 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:25,452 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\x00\xe9\xd9\x9d\x8a\xa2\xcf\x01\x10\xd2\xb9\x9d\x8a\xa2\xcf\x01\x10\xd2\xb9\x9d\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:25,462 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,462 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,462 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,462 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,462 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:25,462 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:25,462 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\x00\xe9\xd9\x9d\x8a\xa2\xcf\x01\x10\xd2\xb9\x9d\x8a\xa2\xcf\x01\x10\xd2\xb9\x9d\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:25,472 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,472 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,472 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,472 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,472 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:25,472 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:25,472 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x010p\xdb\x9d\x8a\xa2\xcf\x01\x10\xd2\xb9\x9d\x8a\xa2\xcf\x01\x10\xd2\xb9\x9d\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:25,472 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,472 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,472 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,472 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,472 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:25,472 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:25,472 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x010p\xdb\x9d\x8a\xa2\xcf\x01\x10\xd2\xb9\x9d\x8a\xa2\xcf\x01\x10\xd2\xb9\x9d\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:25,482 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,482 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,482 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,482 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,482 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:25,482 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:25,482 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01`\xf7\xdc\x9d\x8a\xa2\xcf\x01\x10\xd2\xb9\x9d\x8a\xa2\xcf\x01\x10\xd2\xb9\x9d\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:25,482 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,482 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,482 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,482 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,482 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:25,482 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:25,482 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01`\xf7\xdc\x9d\x8a\xa2\xcf\x01\x10\xd2\xb9\x9d\x8a\xa2\xcf\x01\x10\xd2\xb9\x9d\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:25,722 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,722 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,722 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,722 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,722 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:25,722 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:25,722 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\xc0\x05\xe0\x9d\x8a\xa2\xcf\x01\x10\xd2\xb9\x9d\x8a\xa2\xcf\x01\x10\xd2\xb9\x9d\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:25,722 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,722 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,722 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,722 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,722 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:25,722 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:25,722 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\x10+\x03\x9e\x8a\xa2\xcf\x01\x10\xd2\xb9\x9d\x8a\xa2\xcf\x01\x10\xd2\xb9\x9d\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:25,752 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,752 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,752 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,752 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,752 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:25,752 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:25,752 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\xa0\xc0\x07\x9e\x8a\xa2\xcf\x01\x10\xd2\xb9\x9d\x8a\xa2\xcf\x01\x10\xd2\xb9\x9d\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:25,752 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,752 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,752 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,752 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,752 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:25,752 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:25,752 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \xc0T\xb6\x96\x8a\xa2\xcf\x01\xa0\xc0\x07\x9e\x8a\xa2\xcf\x01\xa0\xc0\x07\x9e\x8a\xa2\xcf\x01\xa0\xc0\x07\x9e\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00[L\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\xac\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:25,872 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,872 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,872 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,872 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,882 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,882 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,882 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,882 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,882 | 1200 | NtCreateFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x00010080 CreateDisposition => 1 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:25,882 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:25,882 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,882 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,882 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,882 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,882 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:25,882 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:25,882 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\xe0\x16\x1a\x9e\x8a\xa2\xcf\x01\xe0\x16\x1a\x9e\x8a\xa2\xcf\x01\xe0\x16\x1a\x9e\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:25,882 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,882 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,882 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,882 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,882 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:25,882 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:25,882 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\x10\x9e\x1b\x9e\x8a\xa2\xcf\x01\xe0\x16\x1a\x9e\x8a\xa2\xcf\x01\xe0\x16\x1a\x9e\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:25,882 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,882 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,882 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,882 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,882 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:25,882 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:25,882 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \xc0T\xb6\x96\x8a\xa2\xcf\x01\x10\x9e\x1b\x9e\x8a\xa2\xcf\x01\x10\x9e\x1b\x9e\x8a\xa2\xcf\x01\x10\x9e\x1b\x9e\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00[L\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\xac\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:25,892 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,892 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,892 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,892 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,892 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,892 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,892 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,892 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,892 | 1200 | NtCreateFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x00010080 CreateDisposition => 1 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:25,892 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:25,983 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,983 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,983 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,983 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,983 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:25,983 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:25,983 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01@%\x1d\x9e\x8a\xa2\xcf\x01@%\x1d\x9e\x8a\xa2\xcf\x01@%\x1d\x9e\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:25,983 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,983 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,983 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,983 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,983 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:25,983 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:25,983 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01@%\x1d\x9e\x8a\xa2\xcf\x01@%\x1d\x9e\x8a\xa2\xcf\x01@%\x1d\x9e\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:25,993 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,993 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,993 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,993 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,993 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:25,993 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:25,993 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01 m,\x9e\x8a\xa2\xcf\x01@%\x1d\x9e\x8a\xa2\xcf\x01@%\x1d\x9e\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:25,993 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,993 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,993 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,993 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:25,993 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:25,993 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:25,993 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01 m,\x9e\x8a\xa2\xcf\x01@%\x1d\x9e\x8a\xa2\xcf\x01@%\x1d\x9e\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:25,993 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,003 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,003 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,003 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,003 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:26,003 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:26,003 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01 m,\x9e\x8a\xa2\xcf\x01@%\x1d\x9e\x8a\xa2\xcf\x01@%\x1d\x9e\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:26,003 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,003 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,013 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,013 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,013 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:26,013 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:26,013 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01P\xf4-\x9e\x8a\xa2\xcf\x01@%\x1d\x9e\x8a\xa2\xcf\x01@%\x1d\x9e\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:26,013 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,013 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,013 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,013 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,013 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:26,013 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:26,013 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01P\xf4-\x9e\x8a\xa2\xcf\x01@%\x1d\x9e\x8a\xa2\xcf\x01@%\x1d\x9e\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:26,033 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,033 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,033 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,033 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,033 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:26,033 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:26,033 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\x80{/\x9e\x8a\xa2\xcf\x01@%\x1d\x9e\x8a\xa2\xcf\x01@%\x1d\x9e\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:26,033 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,033 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,033 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,033 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,033 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:26,033 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:26,033 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\x80{/\x9e\x8a\xa2\xcf\x01@%\x1d\x9e\x8a\xa2\xcf\x01@%\x1d\x9e\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:26,033 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,033 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,033 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,033 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,033 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:26,033 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:26,033 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\xe0\x892\x9e\x8a\xa2\xcf\x01@%\x1d\x9e\x8a\xa2\xcf\x01@%\x1d\x9e\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:26,043 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,043 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,043 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,043 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,043 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:26,043 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:26,043 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\xe0\x892\x9e\x8a\xa2\xcf\x01@%\x1d\x9e\x8a\xa2\xcf\x01@%\x1d\x9e\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:26,043 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,043 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,043 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,043 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,043 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:26,043 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:26,043 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\xe0\x892\x9e\x8a\xa2\xcf\x01@%\x1d\x9e\x8a\xa2\xcf\x01@%\x1d\x9e\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:26,043 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,043 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,043 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,043 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,043 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:26,043 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:26,043 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\x10\x114\x9e\x8a\xa2\xcf\x01@%\x1d\x9e\x8a\xa2\xcf\x01@%\x1d\x9e\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:26,043 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,043 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,043 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,043 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,043 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:26,043 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:26,043 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\x10\x114\x9e\x8a\xa2\xcf\x01@%\x1d\x9e\x8a\xa2\xcf\x01@%\x1d\x9e\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:26,043 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,043 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,043 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,043 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,043 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:26,043 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:26,043 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\x10\x114\x9e\x8a\xa2\xcf\x01@%\x1d\x9e\x8a\xa2\xcf\x01@%\x1d\x9e\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:26,053 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,053 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,053 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,053 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,053 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:26,053 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:26,053 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01@\x985\x9e\x8a\xa2\xcf\x01@%\x1d\x9e\x8a\xa2\xcf\x01@%\x1d\x9e\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:26,053 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,053 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,053 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,053 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,053 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:26,053 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:26,063 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01@\x985\x9e\x8a\xa2\xcf\x01@%\x1d\x9e\x8a\xa2\xcf\x01@%\x1d\x9e\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:26,073 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,073 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,073 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,073 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,073 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:26,073 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:26,073 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01p\x1f7\x9e\x8a\xa2\xcf\x01@%\x1d\x9e\x8a\xa2\xcf\x01@%\x1d\x9e\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:26,073 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,073 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,073 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,073 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,073 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:26,073 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:26,073 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01p\x1f7\x9e\x8a\xa2\xcf\x01@%\x1d\x9e\x8a\xa2\xcf\x01@%\x1d\x9e\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:26,083 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,083 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,083 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,083 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,083 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:26,083 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:26,083 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\xd0-:\x9e\x8a\xa2\xcf\x01@%\x1d\x9e\x8a\xa2\xcf\x01@%\x1d\x9e\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:26,083 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,083 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,083 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,083 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,083 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:26,083 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:26,083 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\xd0-:\x9e\x8a\xa2\xcf\x01@%\x1d\x9e\x8a\xa2\xcf\x01@%\x1d\x9e\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:26,093 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,093 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,093 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,093 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,093 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:26,093 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:26,093 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\xd0-:\x9e\x8a\xa2\xcf\x01@%\x1d\x9e\x8a\xa2\xcf\x01@%\x1d\x9e\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:26,093 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,093 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,093 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,093 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,093 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:26,093 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:26,093 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\x00\xb5;\x9e\x8a\xa2\xcf\x01@%\x1d\x9e\x8a\xa2\xcf\x01@%\x1d\x9e\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:26,103 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,103 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,103 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,103 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,103 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:26,103 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:26,103 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\x00\xb5;\x9e\x8a\xa2\xcf\x01@%\x1d\x9e\x8a\xa2\xcf\x01@%\x1d\x9e\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:26,103 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,103 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,103 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,103 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,103 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:26,103 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:26,103 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\x00\xb5;\x9e\x8a\xa2\xcf\x01@%\x1d\x9e\x8a\xa2\xcf\x01@%\x1d\x9e\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:26,103 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,103 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,103 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,103 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,103 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:26,103 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:26,103 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x010<=\x9e\x8a\xa2\xcf\x01@%\x1d\x9e\x8a\xa2\xcf\x01@%\x1d\x9e\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:26,113 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,113 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,113 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,113 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,113 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:26,113 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:26,113 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01`\xc3>\x9e\x8a\xa2\xcf\x01@%\x1d\x9e\x8a\xa2\xcf\x01@%\x1d\x9e\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:26,113 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,113 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,113 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,113 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,113 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:26,113 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:26,113 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01`\xc3>\x9e\x8a\xa2\xcf\x01@%\x1d\x9e\x8a\xa2\xcf\x01@%\x1d\x9e\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:26,123 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,123 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,123 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,123 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,123 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:26,123 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:26,123 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\x90J@\x9e\x8a\xa2\xcf\x01@%\x1d\x9e\x8a\xa2\xcf\x01@%\x1d\x9e\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:26,123 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,123 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,123 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,123 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,123 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:26,123 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:26,123 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\x90J@\x9e\x8a\xa2\xcf\x01@%\x1d\x9e\x8a\xa2\xcf\x01@%\x1d\x9e\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:26,133 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,133 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,133 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,133 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,133 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:26,133 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:26,133 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\xc0\xd1A\x9e\x8a\xa2\xcf\x01@%\x1d\x9e\x8a\xa2\xcf\x01@%\x1d\x9e\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:26,143 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,143 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,143 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,143 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,143 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:26,143 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:26,143 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\xc0\xd1A\x9e\x8a\xa2\xcf\x01@%\x1d\x9e\x8a\xa2\xcf\x01@%\x1d\x9e\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:26,143 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,143 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,143 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,143 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,143 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:26,143 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:26,143 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\xc0\xd1A\x9e\x8a\xa2\xcf\x01@%\x1d\x9e\x8a\xa2\xcf\x01@%\x1d\x9e\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:26,153 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,153 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,153 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,153 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,153 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:26,153 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:26,153 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01 \xe0D\x9e\x8a\xa2\xcf\x01@%\x1d\x9e\x8a\xa2\xcf\x01@%\x1d\x9e\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:26,163 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,163 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,163 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,163 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,163 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:26,163 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:26,163 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01 \xe0D\x9e\x8a\xa2\xcf\x01@%\x1d\x9e\x8a\xa2\xcf\x01@%\x1d\x9e\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:26,163 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,163 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,163 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,163 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,163 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:26,163 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:26,163 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01 \xe0D\x9e\x8a\xa2\xcf\x01@%\x1d\x9e\x8a\xa2\xcf\x01@%\x1d\x9e\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:26,163 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,163 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,163 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,163 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,173 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:26,173 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:26,173 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01PgF\x9e\x8a\xa2\xcf\x01@%\x1d\x9e\x8a\xa2\xcf\x01@%\x1d\x9e\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:26,183 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,183 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,183 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,183 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,183 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:26,183 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:26,183 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\x80\xeeG\x9e\x8a\xa2\xcf\x01@%\x1d\x9e\x8a\xa2\xcf\x01@%\x1d\x9e\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:26,183 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,183 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,183 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,183 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,183 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:26,183 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:26,183 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\x80\xeeG\x9e\x8a\xa2\xcf\x01@%\x1d\x9e\x8a\xa2\xcf\x01@%\x1d\x9e\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:26,183 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,183 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,183 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,193 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,193 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:26,193 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:26,193 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\xb0uI\x9e\x8a\xa2\xcf\x01@%\x1d\x9e\x8a\xa2\xcf\x01@%\x1d\x9e\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:26,193 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,193 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,193 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,193 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,193 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:26,193 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:26,193 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\xe0\xfcJ\x9e\x8a\xa2\xcf\x01@%\x1d\x9e\x8a\xa2\xcf\x01@%\x1d\x9e\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:26,193 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,203 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,203 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,203 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,203 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:26,203 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:26,203 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\xe0\xfcJ\x9e\x8a\xa2\xcf\x01@%\x1d\x9e\x8a\xa2\xcf\x01@%\x1d\x9e\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:26,203 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,203 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,203 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,203 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,203 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:26,213 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:26,213 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\x10\x84L\x9e\x8a\xa2\xcf\x01@%\x1d\x9e\x8a\xa2\xcf\x01@%\x1d\x9e\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:26,223 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,223 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,223 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,223 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,223 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:26,223 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:26,223 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01@\x0bN\x9e\x8a\xa2\xcf\x01@%\x1d\x9e\x8a\xa2\xcf\x01@%\x1d\x9e\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:26,223 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,223 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,223 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,223 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,223 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:26,233 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:26,233 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01p\x92O\x9e\x8a\xa2\xcf\x01@%\x1d\x9e\x8a\xa2\xcf\x01@%\x1d\x9e\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:26,233 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,233 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,233 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,233 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,233 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:26,233 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:26,233 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\xa0\x19Q\x9e\x8a\xa2\xcf\x01@%\x1d\x9e\x8a\xa2\xcf\x01@%\x1d\x9e\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:26,233 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,233 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,233 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,243 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,243 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:26,243 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:26,243 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \xc0T\xb6\x96\x8a\xa2\xcf\x01\xd0\xa0R\x9e\x8a\xa2\xcf\x01\xd0\xa0R\x9e\x8a\xa2\xcf\x01\xd0\xa0R\x9e\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00[L\x00\x00\x00\x00\x05\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\xac\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:26,243 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,243 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,243 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,253 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,253 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,253 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,253 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,253 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,253 | 1200 | NtCreateFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x00010080 CreateDisposition => 1 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:26,253 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:26,253 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,253 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,253 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,253 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,253 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:26,253 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:26,263 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\xd0\xa0R\x9e\x8a\xa2\xcf\x01\xd0\xa0R\x9e\x8a\xa2\xcf\x01\xd0\xa0R\x9e\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:26,263 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,263 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,263 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,263 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,263 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:26,263 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:26,263 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x010\xafU\x9e\x8a\xa2\xcf\x01\xd0\xa0R\x9e\x8a\xa2\xcf\x01\xd0\xa0R\x9e\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:26,263 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,263 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,263 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,263 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,263 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:26,263 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:26,263 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \xc0T\xb6\x96\x8a\xa2\xcf\x010\xafU\x9e\x8a\xa2\xcf\x010\xafU\x9e\x8a\xa2\xcf\x010\xafU\x9e\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00[L\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\xac\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:26,313 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,313 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,313 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,313 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,313 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,313 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,313 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,313 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,313 | 1200 | NtCreateFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x00010080 CreateDisposition => 1 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:26,313 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:26,323 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,323 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,323 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,323 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,323 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:26,323 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:26,323 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\xf0\xcb[\x9e\x8a\xa2\xcf\x01\xf0\xcb[\x9e\x8a\xa2\xcf\x01\xf0\xcb[\x9e\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:26,323 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,323 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,323 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,323 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,323 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:26,323 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:26,323 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\xf0\xcb[\x9e\x8a\xa2\xcf\x01\xf0\xcb[\x9e\x8a\xa2\xcf\x01\xf0\xcb[\x9e\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:26,323 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,333 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,333 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,333 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,333 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:26,333 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:26,333 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01P\xda^\x9e\x8a\xa2\xcf\x01\xf0\xcb[\x9e\x8a\xa2\xcf\x01\xf0\xcb[\x9e\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:26,333 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,333 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,333 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,333 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,333 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:26,333 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:26,333 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\x80a`\x9e\x8a\xa2\xcf\x01\xf0\xcb[\x9e\x8a\xa2\xcf\x01\xf0\xcb[\x9e\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:26,333 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,343 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,343 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,343 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,343 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:26,343 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:26,343 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\x80a`\x9e\x8a\xa2\xcf\x01\xf0\xcb[\x9e\x8a\xa2\xcf\x01\xf0\xcb[\x9e\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:26,343 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,343 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,343 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,343 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,343 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:26,343 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:26,343 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\xb0\xe8a\x9e\x8a\xa2\xcf\x01\xf0\xcb[\x9e\x8a\xa2\xcf\x01\xf0\xcb[\x9e\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:26,363 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,363 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,363 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,363 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,363 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:26,363 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:26,363 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\xb0\xe8a\x9e\x8a\xa2\xcf\x01\xf0\xcb[\x9e\x8a\xa2\xcf\x01\xf0\xcb[\x9e\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:26,363 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,363 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,363 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,363 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,363 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:26,363 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:26,363 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\xb0\xe8a\x9e\x8a\xa2\xcf\x01\xf0\xcb[\x9e\x8a\xa2\xcf\x01\xf0\xcb[\x9e\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:26,363 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,363 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,363 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,363 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,373 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:26,373 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:26,373 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\x10\xf7d\x9e\x8a\xa2\xcf\x01\xf0\xcb[\x9e\x8a\xa2\xcf\x01\xf0\xcb[\x9e\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:26,373 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,373 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,373 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,373 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,373 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:26,373 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:26,373 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01@~f\x9e\x8a\xa2\xcf\x01\xf0\xcb[\x9e\x8a\xa2\xcf\x01\xf0\xcb[\x9e\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:26,373 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,373 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,373 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,383 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,383 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:26,383 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:26,383 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01@~f\x9e\x8a\xa2\xcf\x01\xf0\xcb[\x9e\x8a\xa2\xcf\x01\xf0\xcb[\x9e\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:26,393 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,393 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,393 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,393 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,393 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:26,393 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:26,393 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01p\x05h\x9e\x8a\xa2\xcf\x01\xf0\xcb[\x9e\x8a\xa2\xcf\x01\xf0\xcb[\x9e\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:26,393 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,393 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,393 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,393 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,393 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:26,393 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:26,393 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01p\x05h\x9e\x8a\xa2\xcf\x01\xf0\xcb[\x9e\x8a\xa2\xcf\x01\xf0\xcb[\x9e\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:26,393 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,393 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,403 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,403 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,403 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:26,403 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:26,403 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\xa0\x8ci\x9e\x8a\xa2\xcf\x01\xf0\xcb[\x9e\x8a\xa2\xcf\x01\xf0\xcb[\x9e\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:26,403 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,403 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,403 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,403 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,403 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:26,403 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:26,403 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\xa0\x8ci\x9e\x8a\xa2\xcf\x01\xf0\xcb[\x9e\x8a\xa2\xcf\x01\xf0\xcb[\x9e\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:26,403 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,403 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,403 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,403 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,403 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:26,403 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:26,403 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\xd0\x13k\x9e\x8a\xa2\xcf\x01\xf0\xcb[\x9e\x8a\xa2\xcf\x01\xf0\xcb[\x9e\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:26,403 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,413 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,413 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,413 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,413 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:26,413 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:26,413 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\xd0\x13k\x9e\x8a\xa2\xcf\x01\xf0\xcb[\x9e\x8a\xa2\xcf\x01\xf0\xcb[\x9e\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:26,423 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,423 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,423 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,423 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,423 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:26,423 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:26,423 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\x00\x9bl\x9e\x8a\xa2\xcf\x01\xf0\xcb[\x9e\x8a\xa2\xcf\x01\xf0\xcb[\x9e\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:26,423 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,423 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,423 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,423 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,423 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:26,423 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:26,423 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\x00\x9bl\x9e\x8a\xa2\xcf\x01\xf0\xcb[\x9e\x8a\xa2\xcf\x01\xf0\xcb[\x9e\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:26,423 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,433 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,433 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,433 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,433 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:26,433 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:26,433 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x010"n\x9e\x8a\xa2\xcf\x01\xf0\xcb[\x9e\x8a\xa2\xcf\x01\xf0\xcb[\x9e\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:26,433 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,443 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,443 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,443 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,443 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:26,443 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:26,443 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01`\xa9o\x9e\x8a\xa2\xcf\x01\xf0\xcb[\x9e\x8a\xa2\xcf\x01\xf0\xcb[\x9e\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:26,443 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,443 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,443 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,443 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,443 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:26,443 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:26,443 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01`\xa9o\x9e\x8a\xa2\xcf\x01\xf0\xcb[\x9e\x8a\xa2\xcf\x01\xf0\xcb[\x9e\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:26,463 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,463 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,463 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,463 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,463 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:26,463 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:26,463 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\xc0\xb7r\x9e\x8a\xa2\xcf\x01\xf0\xcb[\x9e\x8a\xa2\xcf\x01\xf0\xcb[\x9e\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:26,463 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,463 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,463 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,463 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,463 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:26,463 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:26,463 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\xc0\xb7r\x9e\x8a\xa2\xcf\x01\xf0\xcb[\x9e\x8a\xa2\xcf\x01\xf0\xcb[\x9e\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:26,463 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,463 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,463 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,463 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,463 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:26,463 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:26,463 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\xf0>t\x9e\x8a\xa2\xcf\x01\xf0\xcb[\x9e\x8a\xa2\xcf\x01\xf0\xcb[\x9e\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:26,473 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,473 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,473 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,473 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,473 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:26,473 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:26,473 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\xf0>t\x9e\x8a\xa2\xcf\x01\xf0\xcb[\x9e\x8a\xa2\xcf\x01\xf0\xcb[\x9e\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:26,473 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,473 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,473 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,473 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,473 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:26,473 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:26,473 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01 \xc6u\x9e\x8a\xa2\xcf\x01\xf0\xcb[\x9e\x8a\xa2\xcf\x01\xf0\xcb[\x9e\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:26,473 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,473 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,473 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,473 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,473 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:26,473 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:26,483 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01 \xc6u\x9e\x8a\xa2\xcf\x01\xf0\xcb[\x9e\x8a\xa2\xcf\x01\xf0\xcb[\x9e\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:26,483 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,483 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,483 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,483 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,483 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:26,483 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:26,483 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01PMw\x9e\x8a\xa2\xcf\x01\xf0\xcb[\x9e\x8a\xa2\xcf\x01\xf0\xcb[\x9e\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:26,483 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,483 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,483 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,483 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,483 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:26,493 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:26,493 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01PMw\x9e\x8a\xa2\xcf\x01\xf0\xcb[\x9e\x8a\xa2\xcf\x01\xf0\xcb[\x9e\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:26,503 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,503 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,503 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,503 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,503 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:26,503 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:26,503 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\x80\xd4x\x9e\x8a\xa2\xcf\x01\xf0\xcb[\x9e\x8a\xa2\xcf\x01\xf0\xcb[\x9e\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:26,503 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,503 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,503 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,503 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,513 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:26,513 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:26,513 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\x80\xd4x\x9e\x8a\xa2\xcf\x01\xf0\xcb[\x9e\x8a\xa2\xcf\x01\xf0\xcb[\x9e\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:26,513 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,523 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,523 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,523 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,523 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:26,523 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:26,523 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\xe0\xe2{\x9e\x8a\xa2\xcf\x01\xf0\xcb[\x9e\x8a\xa2\xcf\x01\xf0\xcb[\x9e\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:26,523 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,523 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,523 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,523 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,523 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:26,523 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:26,523 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\xe0\xe2{\x9e\x8a\xa2\xcf\x01\xf0\xcb[\x9e\x8a\xa2\xcf\x01\xf0\xcb[\x9e\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:26,543 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,543 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,543 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,543 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,543 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:26,543 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:26,543 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01@\xf1~\x9e\x8a\xa2\xcf\x01\xf0\xcb[\x9e\x8a\xa2\xcf\x01\xf0\xcb[\x9e\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:26,543 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,543 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,543 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,543 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,543 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:26,543 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:26,543 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01@\xf1~\x9e\x8a\xa2\xcf\x01\xf0\xcb[\x9e\x8a\xa2\xcf\x01\xf0\xcb[\x9e\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:26,543 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,543 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,543 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,543 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,543 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:26,543 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:26,543 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01px\x80\x9e\x8a\xa2\xcf\x01\xf0\xcb[\x9e\x8a\xa2\xcf\x01\xf0\xcb[\x9e\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:26,553 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,553 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,553 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,553 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,553 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:26,553 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:26,553 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\xa0\xff\x81\x9e\x8a\xa2\xcf\x01\xf0\xcb[\x9e\x8a\xa2\xcf\x01\xf0\xcb[\x9e\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:26,553 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,553 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,553 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,553 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,553 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:26,553 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:26,553 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\xa0\xff\x81\x9e\x8a\xa2\xcf\x01\xf0\xcb[\x9e\x8a\xa2\xcf\x01\xf0\xcb[\x9e\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:26,553 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,553 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,553 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,563 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,563 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:26,563 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:26,563 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\xa0\xff\x81\x9e\x8a\xa2\xcf\x01\xf0\xcb[\x9e\x8a\xa2\xcf\x01\xf0\xcb[\x9e\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:26,643 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,643 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,643 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,643 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,643 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:26,643 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:26,643 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\xd0\x86\x83\x9e\x8a\xa2\xcf\x01\xf0\xcb[\x9e\x8a\xa2\xcf\x01\xf0\xcb[\x9e\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:26,643 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,643 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,643 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,643 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,643 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:26,643 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:26,643 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01P\xc0\x8f\x9e\x8a\xa2\xcf\x01\xf0\xcb[\x9e\x8a\xa2\xcf\x01\xf0\xcb[\x9e\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:26,643 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,653 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,653 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,653 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,653 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:26,653 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:26,653 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01P\xc0\x8f\x9e\x8a\xa2\xcf\x01\xf0\xcb[\x9e\x8a\xa2\xcf\x01\xf0\xcb[\x9e\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:26,653 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,653 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,653 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,653 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,653 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:26,653 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:26,653 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \xc0T\xb6\x96\x8a\xa2\xcf\x01\x80G\x91\x9e\x8a\xa2\xcf\x01\x80G\x91\x9e\x8a\xa2\xcf\x01\x80G\x91\x9e\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00[L\x00\x00\x00\x00\x07\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\xac\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:26,804 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,804 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,814 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,814 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,814 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,814 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,814 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,814 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,814 | 1200 | NtCreateFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x00010080 CreateDisposition => 1 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:26,814 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:26,814 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,814 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,814 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,824 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,824 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:26,824 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:26,824 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01P3\xa8\x9e\x8a\xa2\xcf\x01P3\xa8\x9e\x8a\xa2\xcf\x01P3\xa8\x9e\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:26,834 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,834 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,834 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,834 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,834 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:26,834 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:26,834 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\xb0A\xab\x9e\x8a\xa2\xcf\x01P3\xa8\x9e\x8a\xa2\xcf\x01P3\xa8\x9e\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:26,834 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,834 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,844 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,844 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,844 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:26,844 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:26,844 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \xc0T\xb6\x96\x8a\xa2\xcf\x01\x10P\xae\x9e\x8a\xa2\xcf\x01\x10P\xae\x9e\x8a\xa2\xcf\x01\x10P\xae\x9e\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00[L\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\xac\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:26,854 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,854 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,854 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,864 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,864 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,864 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,864 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,864 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:26,864 | 1200 | NtCreateFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x00010080 CreateDisposition => 1 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:26,864 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:27,184 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:27,184 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:27,184 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:27,184 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:27,184 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:27,184 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:27,184 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01@\xd7\xaf\x9e\x8a\xa2\xcf\x01@\xd7\xaf\x9e\x8a\xa2\xcf\x01@\xd7\xaf\x9e\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:27,184 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:27,184 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:27,184 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:27,184 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:27,194 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:27,194 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:27,194 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01pD\xe2\x9e\x8a\xa2\xcf\x01@\xd7\xaf\x9e\x8a\xa2\xcf\x01@\xd7\xaf\x9e\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:27,194 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:27,194 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:27,194 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:27,194 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:27,204 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:27,204 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:27,204 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\xa0\xcb\xe3\x9e\x8a\xa2\xcf\x01@\xd7\xaf\x9e\x8a\xa2\xcf\x01@\xd7\xaf\x9e\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:27,204 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:27,204 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:27,204 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:27,204 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:27,204 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:27,204 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:27,204 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \xc0T\xb6\x96\x8a\xa2\xcf\x01\xd0R\xe5\x9e\x8a\xa2\xcf\x01\xd0R\xe5\x9e\x8a\xa2\xcf\x01\xd0R\xe5\x9e\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00[L\x00\x00\x00\x00 \x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\xac\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:27,214 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:27,214 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:27,214 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:27,214 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:27,214 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:27,214 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:27,214 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:27,214 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:27,214 | 1200 | NtCreateFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x00010080 CreateDisposition => 1 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:27,214 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:27,224 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:27,224 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:27,224 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:27,224 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:27,224 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:27,224 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:27,224 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\x00\xda\xe6\x9e\x8a\xa2\xcf\x01\x00\xda\xe6\x9e\x8a\xa2\xcf\x01\x00\xda\xe6\x9e\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:27,224 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:27,224 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:27,224 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:27,224 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:27,224 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:27,224 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:27,224 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x010a\xe8\x9e\x8a\xa2\xcf\x01\x00\xda\xe6\x9e\x8a\xa2\xcf\x01\x00\xda\xe6\x9e\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:27,224 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:27,224 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:27,224 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:27,224 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:27,224 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:27,224 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:27,224 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \xc0T\xb6\x96\x8a\xa2\xcf\x010a\xe8\x9e\x8a\xa2\xcf\x010a\xe8\x9e\x8a\xa2\xcf\x010a\xe8\x9e\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00[L\x00\x00\x00\x00 \x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\xac\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:27,274 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:27,274 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:27,274 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:27,274 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:27,274 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:27,274 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:27,274 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:27,274 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:27,274 | 1200 | NtCreateFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x00010080 CreateDisposition => 1 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:27,284 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:27,605 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:27,605 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:27,605 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:27,605 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:27,605 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:27,605 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:27,605 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\xf0}\xee\x9e\x8a\xa2\xcf\x01\xf0}\xee\x9e\x8a\xa2\xcf\x01\xf0}\xee\x9e\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:27,605 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:27,615 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:27,615 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:27,615 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:27,615 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:27,615 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:27,615 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01Pr"\x9f\x8a\xa2\xcf\x01\xf0}\xee\x9e\x8a\xa2\xcf\x01\xf0}\xee\x9e\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:27,615 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:27,625 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:27,625 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:27,625 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:27,625 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:27,625 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:27,625 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\x80\xf9#\x9f\x8a\xa2\xcf\x01\xf0}\xee\x9e\x8a\xa2\xcf\x01\xf0}\xee\x9e\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:27,625 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:27,625 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:27,625 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:27,635 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:27,635 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:27,635 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:27,635 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \xc0T\xb6\x96\x8a\xa2\xcf\x01\xe0\x07'\x9f\x8a\xa2\xcf\x01\xe0\x07'\x9f\x8a\xa2\xcf\x01\xe0\x07'\x9f\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00[L\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\xac\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:27,645 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:27,645 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:27,645 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:27,645 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:27,645 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:27,645 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:27,645 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:27,655 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:27,655 | 1200 | NtCreateFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x00010080 CreateDisposition => 1 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:27,655 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:27,655 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:27,655 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:27,655 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:27,655 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:27,655 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:27,655 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:27,655 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\x10\x8f(\x9f\x8a\xa2\xcf\x01\x10\x8f(\x9f\x8a\xa2\xcf\x01\x10\x8f(\x9f\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:27,665 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:27,665 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:27,665 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:27,665 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:27,665 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:27,665 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:27,665 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01p\x9d+\x9f\x8a\xa2\xcf\x01\x10\x8f(\x9f\x8a\xa2\xcf\x01\x10\x8f(\x9f\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:27,675 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:27,675 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:27,675 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:27,675 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:27,675 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:27,675 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:27,675 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \xc0T\xb6\x96\x8a\xa2\xcf\x01\xa0$-\x9f\x8a\xa2\xcf\x01\xa0$-\x9f\x8a\xa2\xcf\x01\xa0$-\x9f\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00[L\x00\x00\x00\x00\x0c\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\xac\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:27,695 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:27,695 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:27,695 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:27,695 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:27,695 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:27,705 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:27,705 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:27,705 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:27,705 | 1200 | NtCreateFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x00010080 CreateDisposition => 1 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:27,705 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:28,015 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,015 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,015 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,015 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,015 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:28,015 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:28,015 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\x0030\x9f\x8a\xa2\xcf\x01\x0030\x9f\x8a\xa2\xcf\x01\x0030\x9f\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:28,015 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,025 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,025 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,025 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,025 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:28,025 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:28,025 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\x00\x19a\x9f\x8a\xa2\xcf\x01\x0030\x9f\x8a\xa2\xcf\x01\x0030\x9f\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:28,035 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,035 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,035 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,035 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,035 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:28,035 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:28,035 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01`'d\x9f\x8a\xa2\xcf\x01\x0030\x9f\x8a\xa2\xcf\x01\x0030\x9f\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:28,045 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,045 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,045 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,045 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,045 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:28,045 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:28,045 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \xc0T\xb6\x96\x8a\xa2\xcf\x01\x90\xaee\x9f\x8a\xa2\xcf\x01\x90\xaee\x9f\x8a\xa2\xcf\x01\x90\xaee\x9f\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00[L\x00\x00\x00\x00 \x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\xac\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:28,056 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,056 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,056 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,056 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,056 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,056 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,056 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,066 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,066 | 1200 | NtCreateFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x00010080 CreateDisposition => 1 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:28,066 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:28,066 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,066 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,066 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,066 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,066 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:28,066 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:28,066 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\xc05g\x9f\x8a\xa2\xcf\x01\xc05g\x9f\x8a\xa2\xcf\x01\xc05g\x9f\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:28,076 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,076 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,076 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,076 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,076 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:28,076 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:28,076 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01 Dj\x9f\x8a\xa2\xcf\x01\xc05g\x9f\x8a\xa2\xcf\x01\xc05g\x9f\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:28,076 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,076 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,076 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,076 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,086 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:28,086 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:28,086 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \xc0T\xb6\x96\x8a\xa2\xcf\x01P\xcbk\x9f\x8a\xa2\xcf\x01P\xcbk\x9f\x8a\xa2\xcf\x01P\xcbk\x9f\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00[L\x00\x00\x00\x00\x0e\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\xac\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:28,096 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,106 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,106 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,106 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,106 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,106 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,106 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,106 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,106 | 1200 | NtCreateFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x00010080 CreateDisposition => 1 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:28,106 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:28,416 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,416 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,416 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,416 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,416 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:28,416 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:28,416 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\x80Rm\x9f\x8a\xa2\xcf\x01\x80Rm\x9f\x8a\xa2\xcf\x01\x80Rm\x9f\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:28,416 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,416 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,416 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,416 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,416 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:28,426 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:28,426 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\x808\x9e\x9f\x8a\xa2\xcf\x01\x80Rm\x9f\x8a\xa2\xcf\x01\x80Rm\x9f\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:28,426 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,426 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,426 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,426 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,426 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:28,426 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:28,426 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\xb0\xbf\x9f\x9f\x8a\xa2\xcf\x01\x80Rm\x9f\x8a\xa2\xcf\x01\x80Rm\x9f\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:28,426 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,426 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,426 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,426 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,426 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:28,426 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:28,426 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \xc0T\xb6\x96\x8a\xa2\xcf\x01\xb0\xbf\x9f\x9f\x8a\xa2\xcf\x01\xb0\xbf\x9f\x9f\x8a\xa2\xcf\x01\xb0\xbf\x9f\x9f\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00[L\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\xac\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:28,436 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,436 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,436 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,436 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,436 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,436 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,436 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,436 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,436 | 1200 | NtCreateFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x00010080 CreateDisposition => 1 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:28,436 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:28,446 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,446 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,446 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,446 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,446 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:28,446 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:28,446 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\xe0F\xa1\x9f\x8a\xa2\xcf\x01\xe0F\xa1\x9f\x8a\xa2\xcf\x01\xe0F\xa1\x9f\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:28,446 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,446 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,446 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,446 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,446 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:28,446 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:28,446 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\x10\xce\xa2\x9f\x8a\xa2\xcf\x01\xe0F\xa1\x9f\x8a\xa2\xcf\x01\xe0F\xa1\x9f\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:28,446 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,446 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,446 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,446 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,446 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:28,446 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:28,446 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \xc0T\xb6\x96\x8a\xa2\xcf\x01\x10\xce\xa2\x9f\x8a\xa2\xcf\x01\x10\xce\xa2\x9f\x8a\xa2\xcf\x01\x10\xce\xa2\x9f\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00[L\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\xac\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:28,486 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,486 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,486 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,486 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,486 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,486 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,486 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,486 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,486 | 1200 | NtCreateFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x00010080 CreateDisposition => 1 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:28,486 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:28,817 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,817 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,817 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,827 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,827 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:28,827 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:28,827 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\xd0\xea\xa8\x9f\x8a\xa2\xcf\x01\xd0\xea\xa8\x9f\x8a\xa2\xcf\x01\xd0\xea\xa8\x9f\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:28,837 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,837 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,837 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,837 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,837 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:28,837 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:28,837 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01`f\xde\x9f\x8a\xa2\xcf\x01\xd0\xea\xa8\x9f\x8a\xa2\xcf\x01\xd0\xea\xa8\x9f\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:28,847 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,847 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,847 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,847 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,847 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:28,847 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:28,847 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\x90\xed\xdf\x9f\x8a\xa2\xcf\x01\xd0\xea\xa8\x9f\x8a\xa2\xcf\x01\xd0\xea\xa8\x9f\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:28,857 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,857 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,857 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,857 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,857 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:28,857 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:28,857 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \xc0T\xb6\x96\x8a\xa2\xcf\x01\xc0t\xe1\x9f\x8a\xa2\xcf\x01\xc0t\xe1\x9f\x8a\xa2\xcf\x01\xc0t\xe1\x9f\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00[L\x00\x00\x00\x00\x11\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\xac\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:28,877 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,887 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,887 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,887 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,887 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,887 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,887 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,887 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,887 | 1200 | NtCreateFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x00010080 CreateDisposition => 1 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:28,887 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:28,887 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,897 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,897 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,897 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,897 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:28,897 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:28,897 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01 \x83\xe4\x9f\x8a\xa2\xcf\x01 \x83\xe4\x9f\x8a\xa2\xcf\x01 \x83\xe4\x9f\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:28,897 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,897 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,907 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,907 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,907 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:28,907 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:28,907 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\x80\x91\xe7\x9f\x8a\xa2\xcf\x01 \x83\xe4\x9f\x8a\xa2\xcf\x01 \x83\xe4\x9f\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:28,907 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,907 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,907 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,907 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,917 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:28,917 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:28,917 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \xc0T\xb6\x96\x8a\xa2\xcf\x01\xe0\x9f\xea\x9f\x8a\xa2\xcf\x01\xe0\x9f\xea\x9f\x8a\xa2\xcf\x01\xe0\x9f\xea\x9f\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00[L\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\xac\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:28,957 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,957 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,957 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,957 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,957 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,967 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,967 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,967 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:28,967 | 1200 | NtCreateFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x00010080 CreateDisposition => 1 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:28,967 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:29,277 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:29,277 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:29,277 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:29,277 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:29,277 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:29,277 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:29,287 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\xa0\xbc\xf0\x9f\x8a\xa2\xcf\x01\xa0\xbc\xf0\x9f\x8a\xa2\xcf\x01\xa0\xbc\xf0\x9f\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:29,287 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:29,287 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:29,287 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:29,287 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:29,297 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:29,297 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:29,297 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\xd0)#\xa0\x8a\xa2\xcf\x01\xa0\xbc\xf0\x9f\x8a\xa2\xcf\x01\xa0\xbc\xf0\x9f\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:29,297 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:29,297 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:29,307 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:29,307 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:29,307 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:29,307 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:29,307 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\x00\xb1$\xa0\x8a\xa2\xcf\x01\xa0\xbc\xf0\x9f\x8a\xa2\xcf\x01\xa0\xbc\xf0\x9f\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:29,307 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:29,307 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:29,307 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:29,307 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:29,307 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:29,307 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:29,307 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \xc0T\xb6\x96\x8a\xa2\xcf\x0108&\xa0\x8a\xa2\xcf\x0108&\xa0\x8a\xa2\xcf\x0108&\xa0\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00[L\x00\x00\x00\x00\x13\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\xac\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:29,478 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:29,478 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:29,478 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:29,478 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:29,478 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:29,478 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:29,478 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:29,478 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:29,478 | 1200 | NtCreateFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x00010080 CreateDisposition => 1 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:29,478 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:29,478 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:29,478 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:29,478 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:29,478 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:29,478 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:29,478 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:29,478 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01`2@\xa0\x8a\xa2\xcf\x01`2@\xa0\x8a\xa2\xcf\x01`2@\xa0\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:29,478 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:29,478 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:29,478 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:29,478 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:29,478 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:29,478 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:29,478 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01`2@\xa0\x8a\xa2\xcf\x01`2@\xa0\x8a\xa2\xcf\x01`2@\xa0\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:29,488 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:29,488 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:29,488 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:29,488 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:29,488 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:29,488 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:29,488 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \xc0T\xb6\x96\x8a\xa2\xcf\x01\x90\xb9A\xa0\x8a\xa2\xcf\x01\x90\xb9A\xa0\x8a\xa2\xcf\x01\x90\xb9A\xa0\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00[L\x00\x00\x00\x00\x14\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\xac\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:29,518 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:29,518 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:29,518 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:29,518 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:29,518 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:29,518 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:29,518 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:29,528 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:29,528 | 1200 | NtCreateFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x00010080 CreateDisposition => 1 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:29,528 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:29,838 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:29,838 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:29,838 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:29,838 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:29,838 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:29,838 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:29,848 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01 OF\xa0\x8a\xa2\xcf\x01 OF\xa0\x8a\xa2\xcf\x01 OF\xa0\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:29,848 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:29,848 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:29,848 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:29,858 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:29,858 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:29,858 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:29,858 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01P\xbcx\xa0\x8a\xa2\xcf\x01 OF\xa0\x8a\xa2\xcf\x01 OF\xa0\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:29,858 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:29,868 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:29,868 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:29,868 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:29,868 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:29,868 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:29,868 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\x80Cz\xa0\x8a\xa2\xcf\x01 OF\xa0\x8a\xa2\xcf\x01 OF\xa0\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:29,868 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:29,868 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:29,868 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:29,868 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:29,868 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:29,868 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:29,868 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \xc0T\xb6\x96\x8a\xa2\xcf\x01\xb0\xca{\xa0\x8a\xa2\xcf\x01\xb0\xca{\xa0\x8a\xa2\xcf\x01\xb0\xca{\xa0\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00[L\x00\x00\x00\x00\x15\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\xac\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:29,888 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:29,888 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:29,888 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:29,888 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:29,888 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:29,888 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:29,888 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:29,888 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:29,888 | 1200 | NtCreateFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x00010080 CreateDisposition => 1 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:29,888 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:29,898 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:29,898 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:29,898 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:29,898 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:29,898 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:29,898 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:29,898 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\x10\xd9~\xa0\x8a\xa2\xcf\x01\x10\xd9~\xa0\x8a\xa2\xcf\x01\x10\xd9~\xa0\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:29,908 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:29,908 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:29,908 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:29,908 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:29,908 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:29,908 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:29,908 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01p\xe7\x81\xa0\x8a\xa2\xcf\x01\x10\xd9~\xa0\x8a\xa2\xcf\x01\x10\xd9~\xa0\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:29,908 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:29,908 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:29,908 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:29,908 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:29,918 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:29,918 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:29,918 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \xc0T\xb6\x96\x8a\xa2\xcf\x01\xa0n\x83\xa0\x8a\xa2\xcf\x01\xa0n\x83\xa0\x8a\xa2\xcf\x01\xa0n\x83\xa0\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00[L\x00\x00\x00\x00\x16\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\xac\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:29,958 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:29,958 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:29,958 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:29,958 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:29,968 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:29,968 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:29,968 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:29,968 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:29,968 | 1200 | NtCreateFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x00010080 CreateDisposition => 1 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:29,968 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:30,289 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:30,289 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:30,289 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:30,289 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:30,289 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:30,289 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:30,289 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01`\x8b\x89\xa0\x8a\xa2\xcf\x01`\x8b\x89\xa0\x8a\xa2\xcf\x01`\x8b\x89\xa0\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:30,299 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:30,299 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:30,299 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:30,299 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:30,299 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:30,299 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:30,309 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\xc0\x7f\xbd\xa0\x8a\xa2\xcf\x01`\x8b\x89\xa0\x8a\xa2\xcf\x01`\x8b\x89\xa0\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:30,309 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:30,309 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:30,309 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:30,309 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:30,319 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:30,319 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:30,319 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\xf0\x06\xbf\xa0\x8a\xa2\xcf\x01`\x8b\x89\xa0\x8a\xa2\xcf\x01`\x8b\x89\xa0\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:30,319 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:30,319 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:30,319 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:30,319 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:30,319 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:30,329 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:30,329 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \xc0T\xb6\x96\x8a\xa2\xcf\x01 \x8e\xc0\xa0\x8a\xa2\xcf\x01 \x8e\xc0\xa0\x8a\xa2\xcf\x01 \x8e\xc0\xa0\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00[L\x00\x00\x00\x00\x17\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\xac\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:30,339 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:30,339 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:30,339 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:30,339 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:30,339 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:30,339 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:30,339 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:30,339 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:30,339 | 1200 | NtCreateFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x00010080 CreateDisposition => 1 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:30,339 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:30,349 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:30,349 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:30,349 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:30,349 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:30,349 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:30,349 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:30,349 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\x80\x9c\xc3\xa0\x8a\xa2\xcf\x01\x80\x9c\xc3\xa0\x8a\xa2\xcf\x01\x80\x9c\xc3\xa0\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:30,349 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:30,349 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:30,349 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:30,349 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:30,349 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:30,349 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:30,349 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\xb0#\xc5\xa0\x8a\xa2\xcf\x01\x80\x9c\xc3\xa0\x8a\xa2\xcf\x01\x80\x9c\xc3\xa0\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:30,349 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:30,349 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:30,359 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:30,359 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:30,359 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:30,359 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:30,359 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \xc0T\xb6\x96\x8a\xa2\xcf\x01\xe0\xaa\xc6\xa0\x8a\xa2\xcf\x01\xe0\xaa\xc6\xa0\x8a\xa2\xcf\x01\xe0\xaa\xc6\xa0\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00[L\x00\x00\x00\x00\x18\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\xac\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:30,389 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:30,389 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:30,389 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:30,389 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:30,399 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:30,399 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:30,399 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:30,399 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:30,399 | 1200 | NtCreateFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x00010080 CreateDisposition => 1 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:30,399 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:30,719 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:30,719 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:30,719 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:30,719 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:30,719 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:30,719 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:30,719 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01p@\xcb\xa0\x8a\xa2\xcf\x01p@\xcb\xa0\x8a\xa2\xcf\x01p@\xcb\xa0\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:30,719 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:30,719 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:30,719 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:30,729 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:30,729 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:30,729 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:30,729 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\xa0\xad\xfd\xa0\x8a\xa2\xcf\x01p@\xcb\xa0\x8a\xa2\xcf\x01p@\xcb\xa0\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:30,729 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:30,729 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:30,729 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:30,729 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:30,729 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:30,729 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:30,729 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\xd04\xff\xa0\x8a\xa2\xcf\x01p@\xcb\xa0\x8a\xa2\xcf\x01p@\xcb\xa0\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:30,729 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:30,729 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:30,729 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:30,739 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:30,739 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:30,739 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:30,739 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \xc0T\xb6\x96\x8a\xa2\xcf\x01\x00\xbc\x00\xa1\x8a\xa2\xcf\x01\x00\xbc\x00\xa1\x8a\xa2\xcf\x01\x00\xbc\x00\xa1\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00[L\x00\x00\x00\x00\x19\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\xac\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:30,749 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:30,749 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:30,749 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:30,749 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:30,749 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:30,749 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:30,749 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:30,749 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:30,749 | 1200 | NtCreateFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x00010080 CreateDisposition => 1 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:30,749 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:30,749 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:30,749 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:30,749 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:30,749 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:30,749 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:30,749 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:30,749 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x010C\x02\xa1\x8a\xa2\xcf\x010C\x02\xa1\x8a\xa2\xcf\x010C\x02\xa1\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:30,759 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:30,759 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:30,759 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:30,759 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:30,759 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:30,759 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:30,759 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01`\xca\x03\xa1\x8a\xa2\xcf\x010C\x02\xa1\x8a\xa2\xcf\x010C\x02\xa1\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:30,759 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:30,759 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:30,759 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:30,759 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:30,759 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:30,759 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:30,759 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \xc0T\xb6\x96\x8a\xa2\xcf\x01`\xca\x03\xa1\x8a\xa2\xcf\x01`\xca\x03\xa1\x8a\xa2\xcf\x01`\xca\x03\xa1\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00[L\x00\x00\x00\x00\x1a\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\xac\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:30,769 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:30,769 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:30,769 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:30,769 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:30,769 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:30,769 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:30,769 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:30,769 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:30,769 | 1200 | NtCreateFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x00010080 CreateDisposition => 1 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:30,769 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:31,090 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:31,090 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:31,090 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:31,090 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:31,090 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:31,090 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:31,090 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01`\xca\x03\xa1\x8a\xa2\xcf\x01`\xca\x03\xa1\x8a\xa2\xcf\x01`\xca\x03\xa1\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:31,100 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:31,100 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:31,100 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:31,100 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:31,100 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:31,100 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:31,110 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\xc0\xbe7\xa1\x8a\xa2\xcf\x01`\xca\x03\xa1\x8a\xa2\xcf\x01`\xca\x03\xa1\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:31,110 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:31,110 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:31,110 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:31,110 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:31,110 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:31,110 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:31,110 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\xf0E9\xa1\x8a\xa2\xcf\x01`\xca\x03\xa1\x8a\xa2\xcf\x01`\xca\x03\xa1\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:31,120 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:31,120 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:31,120 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:31,120 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:31,120 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:31,120 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:31,120 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \xc0T\xb6\x96\x8a\xa2\xcf\x01 \xcd:\xa1\x8a\xa2\xcf\x01 \xcd:\xa1\x8a\xa2\xcf\x01 \xcd:\xa1\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00[L\x00\x00\x00\x00\x1b\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\xac\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:31,130 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:31,130 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:31,130 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:31,130 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:31,130 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:31,130 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:31,130 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:31,140 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:31,140 | 1200 | NtCreateFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x00010080 CreateDisposition => 1 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:31,140 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:31,140 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:31,140 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:31,140 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:31,140 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:31,140 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:31,140 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:31,140 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01PT<\xa1\x8a\xa2\xcf\x01PT<\xa1\x8a\xa2\xcf\x01PT<\xa1\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:31,150 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:31,150 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:31,150 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:31,150 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:31,150 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:31,150 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:31,150 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\xb0b?\xa1\x8a\xa2\xcf\x01PT<\xa1\x8a\xa2\xcf\x01PT<\xa1\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:31,150 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:31,150 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:31,150 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:31,150 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:31,160 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:31,160 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:31,160 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \xc0T\xb6\x96\x8a\xa2\xcf\x01\xb0b?\xa1\x8a\xa2\xcf\x01\xb0b?\xa1\x8a\xa2\xcf\x01\xb0b?\xa1\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00[L\x00\x00\x00\x00\x1c\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\xac\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:31,210 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:31,220 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:31,220 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:31,220 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:31,220 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:31,220 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:31,220 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:31,220 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:31,220 | 1200 | NtCreateFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x00010080 CreateDisposition => 1 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:31,220 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:31,541 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:31,541 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:31,541 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:31,541 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:31,541 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:31,541 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:31,541 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\xd0\x8dH\xa1\x8a\xa2\xcf\x01\xd0\x8dH\xa1\x8a\xa2\xcf\x01\xd0\x8dH\xa1\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:31,541 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:31,541 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:31,551 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:31,551 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:31,551 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:31,561 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:31,561 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\x00\xfbz\xa1\x8a\xa2\xcf\x01\xd0\x8dH\xa1\x8a\xa2\xcf\x01\xd0\x8dH\xa1\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:31,561 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:31,561 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:31,561 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:31,561 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:31,571 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:31,571 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:31,571 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01` ~\xa1\x8a\xa2\xcf\x01\xd0\x8dH\xa1\x8a\xa2\xcf\x01\xd0\x8dH\xa1\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:31,571 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:31,571 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:31,571 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:31,571 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:31,571 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:31,571 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:31,571 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \xc0T\xb6\x96\x8a\xa2\xcf\x01\x90\x90\x7f\xa1\x8a\xa2\xcf\x01\x90\x90\x7f\xa1\x8a\xa2\xcf\x01\x90\x90\x7f\xa1\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00[L\x00\x00\x00\x00\x1d\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\xac\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:31,591 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:31,591 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:31,591 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:31,591 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:31,601 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:31,601 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:31,601 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:31,601 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:31,601 | 1200 | NtCreateFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x00010080 CreateDisposition => 1 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:31,601 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:31,611 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:31,611 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:31,611 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:31,611 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:31,611 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:31,611 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:31,611 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\xf0\x9e\x82\xa1\x8a\xa2\xcf\x01\xf0\x9e\x82\xa1\x8a\xa2\xcf\x01\xf0\x9e\x82\xa1\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:31,611 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:31,611 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:31,611 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:31,611 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:31,621 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:31,621 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:31,621 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01P\xad\x85\xa1\x8a\xa2\xcf\x01\xf0\x9e\x82\xa1\x8a\xa2\xcf\x01\xf0\x9e\x82\xa1\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:31,621 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:31,621 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:31,621 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:31,621 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:31,631 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:31,631 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:31,631 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \xc0T\xb6\x96\x8a\xa2\xcf\x01\x804\x87\xa1\x8a\xa2\xcf\x01\x804\x87\xa1\x8a\xa2\xcf\x01\x804\x87\xa1\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00[L\x00\x00\x00\x00\x1e\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\xac\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:31,831 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:31,831 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:31,831 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:31,831 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:31,831 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:31,831 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:31,831 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:31,831 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:31,831 | 1200 | NtCreateFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x00010080 CreateDisposition => 1 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:31,831 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:32,141 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:32,141 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:32,141 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:32,141 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:32,141 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:32,141 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:32,141 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01@\xc4\xa5\xa1\x8a\xa2\xcf\x01@\xc4\xa5\xa1\x8a\xa2\xcf\x01@\xc4\xa5\xa1\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:32,151 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:32,151 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:32,151 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:32,151 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:32,151 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:32,161 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:32,161 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01p1\xd8\xa1\x8a\xa2\xcf\x01@\xc4\xa5\xa1\x8a\xa2\xcf\x01@\xc4\xa5\xa1\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:32,161 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:32,171 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:32,171 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:32,171 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:32,171 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:32,171 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:32,171 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\xa0\xb8\xd9\xa1\x8a\xa2\xcf\x01@\xc4\xa5\xa1\x8a\xa2\xcf\x01@\xc4\xa5\xa1\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:32,171 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:32,171 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:32,171 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:32,171 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:32,171 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:32,171 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:32,171 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \xc0T\xb6\x96\x8a\xa2\xcf\x01\xd0?\xdb\xa1\x8a\xa2\xcf\x01\xd0?\xdb\xa1\x8a\xa2\xcf\x01\xd0?\xdb\xa1\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00[L\x00\x00\x00\x00\x1f\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\xac\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:32,201 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:32,211 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:32,211 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:32,211 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:32,211 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:32,211 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:32,211 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:32,211 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:32,211 | 1200 | NtCreateFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x00010080 CreateDisposition => 1 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:32,211 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:32,211 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:32,211 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:32,211 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:32,211 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:32,211 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:32,211 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:32,211 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01`\xd5\xdf\xa1\x8a\xa2\xcf\x01`\xd5\xdf\xa1\x8a\xa2\xcf\x01`\xd5\xdf\xa1\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:32,221 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:32,221 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:32,221 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:32,221 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:32,221 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:32,221 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:32,221 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\xc0\xe3\xe2\xa1\x8a\xa2\xcf\x01`\xd5\xdf\xa1\x8a\xa2\xcf\x01`\xd5\xdf\xa1\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:32,232 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:32,232 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:32,232 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:32,232 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:32,232 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:32,232 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:32,232 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000494 FileInformation => \xc0T\xb6\x96\x8a\xa2\xcf\x01\xf0j\xe4\xa1\x8a\xa2\xcf\x01\xf0j\xe4\xa1\x8a\xa2\xcf\x01\xf0j\xe4\xa1\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00[L\x00\x00\x00\x00 \x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\xac\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:32,282 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:32,282 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:32,282 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:32,282 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:32,282 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:32,282 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:32,282 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:32,282 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:32,282 | 1200 | NtCreateFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x00010080 CreateDisposition => 1 FileHandle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:32,282 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000498 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:32,442 | 1200 | RegOpenKeyExW |
Handle => 0x00000494 Registry => 0x80000002 SubKey => System |
SUCCESS | 0x00000000 | |
| 09:17:32,442 | 1200 | RegCloseKey |
Handle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:32,442 | 1200 | RegCreateKeyExW |
Handle => 0x00000494 Access => 33554432 Registry => 0x80000002 Class => SubKey => System\Acrobatbrokerserverdispatchercpp789 |
SUCCESS | 0x00000000 | |
| 09:17:32,442 | 1200 | RegCloseKey |
Handle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:32,442 | 1200 | RegDeleteKeyW |
Handle => 0x80000002 SubKey => System\Acrobatbrokerserverdispatchercpp789 |
SUCCESS | 0x00000000 | |
| 09:17:32,452 | 1200 | RegOpenKeyExW |
Handle => 0x00000494 Registry => 0x80000002 SubKey => Software\Microsoft\Windows\CurrentVersion |
SUCCESS | 0x00000000 | |
| 09:17:32,452 | 1200 | RegQueryValueExW |
Handle => 0x00000494 Data => C\x00:\x00\\x00P\x00r\x00o\x00g\x00r\x00a\x00m\x00 \x00F\x00i\x00l\x00e\x00s\x00\\x00C\x00o\x00m\x00m\x00o\x00n\x00 \x00F\x00i\x00l\x00e\x00s\x00\x00\x00 ValueName => CommonFilesDir |
SUCCESS | 0x00000000 | |
| 09:17:32,452 | 1200 | RegCloseKey |
Handle => 0x00000494 |
SUCCESS | 0x00000000 | |
| 09:17:32,452 | 1200 | LdrGetDllHandle |
ModuleHandle => 0x7c800000 FileName => KERNEL32.DLL |
SUCCESS | 0x00000000 | |
| 09:17:32,492 | 1200 | ShellExecuteExW |
Show => 1 Parameters => /PRODUCT:Reader /VERSION:11.0 /MODE:3 FilePath => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" |
SUCCESS | 0x00000001 | |
| 09:17:32,592 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:32,592 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:32,592 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:32,592 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:32,592 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:32,592 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:32,592 | 1200 | NtQueryInformationFile |
FileHandle => 0x000004a8 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\xe0\x0e\xec\xa1\x8a\xa2\xcf\x01\xe0\x0e\xec\xa1\x8a\xa2\xcf\x01\xe0\x0e\xec\xa1\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:32,592 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:32,592 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:32,592 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:32,592 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:32,592 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:32,592 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:32,592 | 1200 | NtQueryInformationFile |
FileHandle => 0x000004a8 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\xb0m\x1b\xa2\x8a\xa2\xcf\x01\xe0\x0e\xec\xa1\x8a\xa2\xcf\x01\xe0\x0e\xec\xa1\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:32,592 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:32,592 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:32,592 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:32,592 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:32,592 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:32,592 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:32,592 | 1200 | NtQueryInformationFile |
FileHandle => 0x000004a8 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\xb0m\x1b\xa2\x8a\xa2\xcf\x01\xe0\x0e\xec\xa1\x8a\xa2\xcf\x01\xe0\x0e\xec\xa1\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:32,602 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:32,602 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:32,602 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:32,602 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:32,602 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:32,602 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:32,602 | 1200 | NtQueryInformationFile |
FileHandle => 0x000004a8 FileInformation => \xc0T\xb6\x96\x8a\xa2\xcf\x01\xe0\xf4\x1c\xa2\x8a\xa2\xcf\x01\xe0\xf4\x1c\xa2\x8a\xa2\xcf\x01\xe0\xf4\x1c\xa2\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00[L\x00\x00\x00\x00!\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\xac\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:32,772 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:32,772 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:32,772 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:32,772 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:32,782 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:32,782 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:32,782 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:32,782 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:32,782 | 1200 | NtCreateFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x00010080 CreateDisposition => 1 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:32,782 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:32,782 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:32,802 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:32,802 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:32,802 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:32,802 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:32,802 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:32,802 | 1200 | NtQueryInformationFile |
FileHandle => 0x000004a8 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01`.)\xa2\x8a\xa2\xcf\x01`.)\xa2\x8a\xa2\xcf\x01`.)\xa2\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:32,802 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:32,802 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:32,802 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:32,802 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:32,802 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:32,802 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:32,802 | 1200 | NtQueryInformationFile |
FileHandle => 0x000004a8 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\xa0\x84;\xa2\x8a\xa2\xcf\x01`.)\xa2\x8a\xa2\xcf\x01`.)\xa2\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:32,802 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:32,802 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:32,802 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:32,802 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:32,802 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:32,802 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:32,802 | 1200 | NtQueryInformationFile |
FileHandle => 0x000004a8 FileInformation => \xc0T\xb6\x96\x8a\xa2\xcf\x01\xa0\x84;\xa2\x8a\xa2\xcf\x01\xa0\x84;\xa2\x8a\xa2\xcf\x01\xa0\x84;\xa2\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00[L\x00\x00\x00\x00"\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\xac\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:32,953 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:32,953 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:32,953 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:32,953 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:32,953 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:32,953 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:32,953 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:32,953 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:32,953 | 1200 | NtCreateFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x00010080 CreateDisposition => 1 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:32,953 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:33,263 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:33,263 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:33,263 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:33,263 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:33,273 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:33,273 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:33,273 | 1200 | NtQueryInformationFile |
FileHandle => 0x000004a8 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01@\xe9P\xa2\x8a\xa2\xcf\x01@\xe9P\xa2\x8a\xa2\xcf\x01@\xe9P\xa2\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:33,273 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:33,273 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:33,283 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:33,283 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:33,283 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:33,283 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:33,283 | 1200 | NtQueryInformationFile |
FileHandle => 0x000004a8 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01pV\x83\xa2\x8a\xa2\xcf\x01@\xe9P\xa2\x8a\xa2\xcf\x01@\xe9P\xa2\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:33,293 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:33,293 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:33,293 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:33,293 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:33,293 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:33,293 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:33,293 | 1200 | NtQueryInformationFile |
FileHandle => 0x000004a8 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\xd0d\x86\xa2\x8a\xa2\xcf\x01@\xe9P\xa2\x8a\xa2\xcf\x01@\xe9P\xa2\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:33,303 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:33,303 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:33,303 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:33,303 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:33,303 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:33,303 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:33,303 | 1200 | NtQueryInformationFile |
FileHandle => 0x000004a8 FileInformation => \xc0T\xb6\x96\x8a\xa2\xcf\x01\x00\xec\x87\xa2\x8a\xa2\xcf\x01\x00\xec\x87\xa2\x8a\xa2\xcf\x01\x00\xec\x87\xa2\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00_L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\xac\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:33,343 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:33,343 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:33,343 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:33,343 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:33,343 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:33,343 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:33,343 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:33,343 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:33,353 | 1200 | NtCreateFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x00010080 CreateDisposition => 1 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:33,353 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:33,353 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:33,353 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:33,353 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:33,353 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:33,353 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:33,353 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:33,363 | 1200 | NtQueryInformationFile |
FileHandle => 0x000004a8 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\x90\x81\x8c\xa2\x8a\xa2\xcf\x01\x90\x81\x8c\xa2\x8a\xa2\xcf\x01\x90\x81\x8c\xa2\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:33,363 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:33,363 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:33,363 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:33,363 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:33,363 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:33,363 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:33,363 | 1200 | NtQueryInformationFile |
FileHandle => 0x000004a8 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01 \x17\x91\xa2\x8a\xa2\xcf\x01\x90\x81\x8c\xa2\x8a\xa2\xcf\x01\x90\x81\x8c\xa2\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:33,373 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:33,373 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:33,373 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:33,373 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:33,373 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:33,373 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:33,373 | 1200 | NtQueryInformationFile |
FileHandle => 0x000004a8 FileInformation => \xc0T\xb6\x96\x8a\xa2\xcf\x01P\x9e\x92\xa2\x8a\xa2\xcf\x01P\x9e\x92\xa2\x8a\xa2\xcf\x01P\x9e\x92\xa2\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00_L\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\xac\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:33,383 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:33,383 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:33,383 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:33,383 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:33,393 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:33,393 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:33,393 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:33,393 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:33,393 | 1200 | NtCreateFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x00010080 CreateDisposition => 1 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:33,393 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:33,714 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:33,714 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:33,714 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:33,714 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:33,714 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:33,724 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:33,724 | 1200 | NtQueryInformationFile |
FileHandle => 0x000004a8 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\x80%\x94\xa2\x8a\xa2\xcf\x01\x80%\x94\xa2\x8a\xa2\xcf\x01\x80%\x94\xa2\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:33,734 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:33,734 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:33,744 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:33,744 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:33,744 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:33,744 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:33,744 | 1200 | NtQueryInformationFile |
FileHandle => 0x000004a8 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\xe0\x19\xc8\xa2\x8a\xa2\xcf\x01\x80%\x94\xa2\x8a\xa2\xcf\x01\x80%\x94\xa2\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:33,744 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:33,754 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:33,754 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:33,754 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:33,754 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:33,754 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:33,754 | 1200 | NtQueryInformationFile |
FileHandle => 0x000004a8 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01@(\xcb\xa2\x8a\xa2\xcf\x01\x80%\x94\xa2\x8a\xa2\xcf\x01\x80%\x94\xa2\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:33,764 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:33,764 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:33,764 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:33,764 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:33,764 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:33,764 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:33,764 | 1200 | NtQueryInformationFile |
FileHandle => 0x000004a8 FileInformation => \xc0T\xb6\x96\x8a\xa2\xcf\x01\xa06\xce\xa2\x8a\xa2\xcf\x01\xa06\xce\xa2\x8a\xa2\xcf\x01\xa06\xce\xa2\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00_L\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\xac\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:33,814 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:33,824 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:33,824 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:33,824 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:33,824 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:33,824 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:33,824 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:33,824 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:33,824 | 1200 | NtCreateFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x00010080 CreateDisposition => 1 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:33,824 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:33,834 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:33,834 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:33,834 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:33,834 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:33,834 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:33,834 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:33,834 | 1200 | NtQueryInformationFile |
FileHandle => 0x000004a8 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\x90\xda\xd5\xa2\x8a\xa2\xcf\x01\x90\xda\xd5\xa2\x8a\xa2\xcf\x01\x90\xda\xd5\xa2\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:33,844 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:33,844 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:33,844 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:33,844 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:33,844 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:33,844 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:33,844 | 1200 | NtQueryInformationFile |
FileHandle => 0x000004a8 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01 p\xda\xa2\x8a\xa2\xcf\x01\x90\xda\xd5\xa2\x8a\xa2\xcf\x01\x90\xda\xd5\xa2\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:33,844 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:33,844 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:33,844 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:33,844 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:33,844 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:33,844 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:33,844 | 1200 | NtQueryInformationFile |
FileHandle => 0x000004a8 FileInformation => \xc0T\xb6\x96\x8a\xa2\xcf\x01 p\xda\xa2\x8a\xa2\xcf\x01 p\xda\xa2\x8a\xa2\xcf\x01 p\xda\xa2\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00_L\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\xac\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:33,864 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:33,864 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:33,864 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:33,864 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:33,864 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:33,864 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:33,864 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:33,864 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:33,874 | 1200 | NtCreateFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x00010080 CreateDisposition => 1 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:33,874 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:34,194 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:34,194 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:34,194 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:34,194 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:34,194 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:34,194 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:34,194 | 1200 | NtQueryInformationFile |
FileHandle => 0x000004a8 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\x80~\xdd\xa2\x8a\xa2\xcf\x01\x80~\xdd\xa2\x8a\xa2\xcf\x01\x80~\xdd\xa2\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:34,194 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:34,194 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:34,194 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:34,194 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:34,194 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:34,204 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:34,204 | 1200 | NtQueryInformationFile |
FileHandle => 0x000004a8 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\xb0\xeb\x0f\xa3\x8a\xa2\xcf\x01\x80~\xdd\xa2\x8a\xa2\xcf\x01\x80~\xdd\xa2\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:34,204 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:34,204 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:34,204 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:34,204 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:34,204 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:34,204 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:34,204 | 1200 | NtQueryInformationFile |
FileHandle => 0x000004a8 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\xe0r\x11\xa3\x8a\xa2\xcf\x01\x80~\xdd\xa2\x8a\xa2\xcf\x01\x80~\xdd\xa2\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:34,204 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:34,204 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:34,204 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:34,204 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:34,204 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:34,204 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:34,204 | 1200 | NtQueryInformationFile |
FileHandle => 0x000004a8 FileInformation => \xc0T\xb6\x96\x8a\xa2\xcf\x01\xe0r\x11\xa3\x8a\xa2\xcf\x01\xe0r\x11\xa3\x8a\xa2\xcf\x01\xe0r\x11\xa3\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00_L\x00\x00\x00\x00\x05\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\xac\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:34,264 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:34,264 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:34,264 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:34,264 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:34,264 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:34,264 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:34,264 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:34,264 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:34,264 | 1200 | NtCreateFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x00010080 CreateDisposition => 1 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:34,264 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:34,274 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:34,274 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:34,274 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:34,274 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:34,274 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:34,274 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:34,274 | 1200 | NtQueryInformationFile |
FileHandle => 0x000004a8 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\xd0\x16\x19\xa3\x8a\xa2\xcf\x01\xd0\x16\x19\xa3\x8a\xa2\xcf\x01\xd0\x16\x19\xa3\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:34,274 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:34,284 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:34,284 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:34,284 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:34,284 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:34,284 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:34,284 | 1200 | NtQueryInformationFile |
FileHandle => 0x000004a8 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x010%\x1c\xa3\x8a\xa2\xcf\x01\xd0\x16\x19\xa3\x8a\xa2\xcf\x01\xd0\x16\x19\xa3\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:34,284 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:34,284 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:34,294 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:34,294 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:34,294 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:34,294 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:34,294 | 1200 | NtQueryInformationFile |
FileHandle => 0x000004a8 FileInformation => \xc0T\xb6\x96\x8a\xa2\xcf\x01\x903\x1f\xa3\x8a\xa2\xcf\x01\x903\x1f\xa3\x8a\xa2\xcf\x01\x903\x1f\xa3\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00_L\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\xac\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:34,315 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:34,315 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:34,315 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:34,315 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:34,315 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:34,315 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:34,325 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:34,325 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:34,325 | 1200 | NtCreateFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x00010080 CreateDisposition => 1 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:34,325 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:34,645 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:34,645 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:34,645 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:34,645 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:34,645 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:34,645 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:34,645 | 1200 | NtQueryInformationFile |
FileHandle => 0x000004a8 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\xf0A"\xa3\x8a\xa2\xcf\x01\xf0A"\xa3\x8a\xa2\xcf\x01\xf0A"\xa3\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:34,655 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:34,655 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:34,665 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:34,665 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:34,665 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:34,665 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:34,665 | 1200 | NtQueryInformationFile |
FileHandle => 0x000004a8 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01P6V\xa3\x8a\xa2\xcf\x01\xf0A"\xa3\x8a\xa2\xcf\x01\xf0A"\xa3\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:34,675 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:34,675 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:34,675 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:34,675 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:34,675 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:34,675 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:34,675 | 1200 | NtQueryInformationFile |
FileHandle => 0x000004a8 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\xb0DY\xa3\x8a\xa2\xcf\x01\xf0A"\xa3\x8a\xa2\xcf\x01\xf0A"\xa3\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:34,675 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:34,675 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:34,675 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:34,685 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:34,685 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:34,685 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:34,685 | 1200 | NtQueryInformationFile |
FileHandle => 0x000004a8 FileInformation => \xc0T\xb6\x96\x8a\xa2\xcf\x01\xe0\xcbZ\xa3\x8a\xa2\xcf\x01\xe0\xcbZ\xa3\x8a\xa2\xcf\x01\xe0\xcbZ\xa3\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00_L\x00\x00\x00\x00\x07\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\xac\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:34,735 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:34,735 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:34,735 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:34,735 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:34,735 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:34,745 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:34,745 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:34,745 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:34,745 | 1200 | NtCreateFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x00010080 CreateDisposition => 1 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:34,745 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:34,745 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:34,745 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:34,745 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:34,745 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:34,755 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:34,755 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:34,755 | 1200 | NtQueryInformationFile |
FileHandle => 0x000004a8 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\xd0ob\xa3\x8a\xa2\xcf\x01\xd0ob\xa3\x8a\xa2\xcf\x01\xd0ob\xa3\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:34,755 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:34,755 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:34,755 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:34,755 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:34,755 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:34,765 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:34,765 | 1200 | NtQueryInformationFile |
FileHandle => 0x000004a8 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x010~e\xa3\x8a\xa2\xcf\x01\xd0ob\xa3\x8a\xa2\xcf\x01\xd0ob\xa3\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:34,765 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:34,765 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:34,765 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:34,765 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:34,765 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:34,765 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:34,765 | 1200 | NtQueryInformationFile |
FileHandle => 0x000004a8 FileInformation => \xc0T\xb6\x96\x8a\xa2\xcf\x01`\x05g\xa3\x8a\xa2\xcf\x01`\x05g\xa3\x8a\xa2\xcf\x01`\x05g\xa3\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00_L\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\xac\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:34,785 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:34,785 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:34,785 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:34,785 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:34,785 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:34,785 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:34,795 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:34,795 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:34,795 | 1200 | NtCreateFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x00010080 CreateDisposition => 1 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:34,795 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:35,116 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:35,116 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:35,116 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:35,116 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:35,116 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:35,116 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:35,116 | 1200 | NtQueryInformationFile |
FileHandle => 0x000004a8 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\xc0\x13j\xa3\x8a\xa2\xcf\x01\xc0\x13j\xa3\x8a\xa2\xcf\x01\xc0\x13j\xa3\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:35,126 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:35,126 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:35,126 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:35,126 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:35,126 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:35,136 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:35,136 | 1200 | NtQueryInformationFile |
FileHandle => 0x000004a8 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01 \x08\x9e\xa3\x8a\xa2\xcf\x01\xc0\x13j\xa3\x8a\xa2\xcf\x01\xc0\x13j\xa3\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:35,136 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:35,136 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:35,136 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:35,136 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:35,136 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:35,136 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:35,136 | 1200 | NtQueryInformationFile |
FileHandle => 0x000004a8 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01P\x8f\x9f\xa3\x8a\xa2\xcf\x01\xc0\x13j\xa3\x8a\xa2\xcf\x01\xc0\x13j\xa3\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:35,206 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:35,206 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:35,206 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:35,206 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:35,206 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:35,206 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:35,206 | 1200 | NtQueryInformationFile |
FileHandle => 0x000004a8 FileInformation => \xc0T\xb6\x96\x8a\xa2\xcf\x01\xa0A\xaa\xa3\x8a\xa2\xcf\x01\xa0A\xaa\xa3\x8a\xa2\xcf\x01\xa0A\xaa\xa3\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00_L\x00\x00\x00\x00 \x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\xac\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:35,276 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:35,276 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:35,276 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:35,276 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:35,276 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:35,276 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:35,276 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:35,276 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:35,276 | 1200 | NtCreateFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x00010080 CreateDisposition => 1 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:35,276 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:35,276 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:35,276 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:35,276 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:35,276 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:35,276 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:35,276 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:35,276 | 1200 | NtQueryInformationFile |
FileHandle => 0x000004a8 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\xf0\xf3\xb4\xa3\x8a\xa2\xcf\x01\xf0\xf3\xb4\xa3\x8a\xa2\xcf\x01\xf0\xf3\xb4\xa3\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:35,276 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:35,276 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:35,276 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:35,276 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:35,276 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:35,276 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:35,276 | 1200 | NtQueryInformationFile |
FileHandle => 0x000004a8 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\xf0\xf3\xb4\xa3\x8a\xa2\xcf\x01\xf0\xf3\xb4\xa3\x8a\xa2\xcf\x01\xf0\xf3\xb4\xa3\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:35,276 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:35,276 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:35,276 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:35,276 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:35,276 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:35,276 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:35,276 | 1200 | NtQueryInformationFile |
FileHandle => 0x000004a8 FileInformation => \xc0T\xb6\x96\x8a\xa2\xcf\x01\xf0\xf3\xb4\xa3\x8a\xa2\xcf\x01\xf0\xf3\xb4\xa3\x8a\xa2\xcf\x01\xf0\xf3\xb4\xa3\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00_L\x00\x00\x00\x00 \x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\xac\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:35,286 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:35,286 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:35,286 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:35,286 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:35,286 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:35,286 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:35,286 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:35,286 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:35,286 | 1200 | NtCreateFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x00010080 CreateDisposition => 1 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:35,286 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:35,606 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:35,606 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:35,606 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:35,606 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:35,606 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:35,606 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:35,616 | 1200 | NtQueryInformationFile |
FileHandle => 0x000004a8 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01 {\xb6\xa3\x8a\xa2\xcf\x01 {\xb6\xa3\x8a\xa2\xcf\x01 {\xb6\xa3\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:35,626 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:35,626 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:35,626 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:35,626 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:35,626 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:35,626 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:35,636 | 1200 | NtQueryInformationFile |
FileHandle => 0x000004a8 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01P\xe8\xe8\xa3\x8a\xa2\xcf\x01 {\xb6\xa3\x8a\xa2\xcf\x01 {\xb6\xa3\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:35,636 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:35,636 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:35,636 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:35,636 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:35,636 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:35,636 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:35,636 | 1200 | NtQueryInformationFile |
FileHandle => 0x000004a8 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\xb0\xf6\xeb\xa3\x8a\xa2\xcf\x01 {\xb6\xa3\x8a\xa2\xcf\x01 {\xb6\xa3\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:35,646 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:35,646 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:35,646 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:35,646 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:35,646 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:35,646 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:35,646 | 1200 | NtQueryInformationFile |
FileHandle => 0x000004a8 FileInformation => \xc0T\xb6\x96\x8a\xa2\xcf\x01\xe0}\xed\xa3\x8a\xa2\xcf\x01\xe0}\xed\xa3\x8a\xa2\xcf\x01\xe0}\xed\xa3\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00_L\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\xac\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:35,666 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:35,666 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:35,666 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:35,666 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:35,676 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:35,676 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:35,676 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:35,676 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:35,676 | 1200 | NtCreateFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x00010080 CreateDisposition => 1 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:35,676 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:35,676 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:35,676 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:35,676 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:35,676 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:35,676 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:35,676 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:35,676 | 1200 | NtQueryInformationFile |
FileHandle => 0x000004a8 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01@\x8c\xf0\xa3\x8a\xa2\xcf\x01@\x8c\xf0\xa3\x8a\xa2\xcf\x01@\x8c\xf0\xa3\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:35,686 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:35,686 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:35,686 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:35,686 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:35,686 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:35,686 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:35,686 | 1200 | NtQueryInformationFile |
FileHandle => 0x000004a8 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\xa0\x9a\xf3\xa3\x8a\xa2\xcf\x01@\x8c\xf0\xa3\x8a\xa2\xcf\x01@\x8c\xf0\xa3\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:35,696 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:35,696 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:35,696 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:35,696 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:35,696 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:35,696 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:35,696 | 1200 | NtQueryInformationFile |
FileHandle => 0x000004a8 FileInformation => \xc0T\xb6\x96\x8a\xa2\xcf\x01\xd0!\xf5\xa3\x8a\xa2\xcf\x01\xd0!\xf5\xa3\x8a\xa2\xcf\x01\xd0!\xf5\xa3\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00_L\x00\x00\x00\x00\x0c\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\xac\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:35,707 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:35,707 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:35,707 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:35,707 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:35,717 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:35,717 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:35,717 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:35,717 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:35,717 | 1200 | NtCreateFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x00010080 CreateDisposition => 1 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:35,717 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:36,037 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:36,037 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:36,037 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:36,037 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:36,037 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:36,037 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:36,037 | 1200 | NtQueryInformationFile |
FileHandle => 0x000004a8 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\x00\xa9\xf6\xa3\x8a\xa2\xcf\x01\x00\xa9\xf6\xa3\x8a\xa2\xcf\x01\x00\xa9\xf6\xa3\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:36,047 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:36,047 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:36,047 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:36,047 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:36,047 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:36,047 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:36,047 | 1200 | NtQueryInformationFile |
FileHandle => 0x000004a8 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01`\x9d*\xa4\x8a\xa2\xcf\x01\x00\xa9\xf6\xa3\x8a\xa2\xcf\x01\x00\xa9\xf6\xa3\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:36,057 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:36,057 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:36,057 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:36,057 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:36,057 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:36,057 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:36,067 | 1200 | NtQueryInformationFile |
FileHandle => 0x000004a8 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\x90$,\xa4\x8a\xa2\xcf\x01\x00\xa9\xf6\xa3\x8a\xa2\xcf\x01\x00\xa9\xf6\xa3\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:36,067 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:36,067 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:36,067 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:36,067 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:36,067 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:36,067 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:36,077 | 1200 | NtQueryInformationFile |
FileHandle => 0x000004a8 FileInformation => \xc0T\xb6\x96\x8a\xa2\xcf\x01\xc0\xab-\xa4\x8a\xa2\xcf\x01\xc0\xab-\xa4\x8a\xa2\xcf\x01\xc0\xab-\xa4\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00_L\x00\x00\x00\x00 \x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\xac\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:36,097 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:36,097 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:36,097 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:36,097 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:36,097 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:36,097 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:36,107 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:36,107 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:36,107 | 1200 | NtCreateFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x00010080 CreateDisposition => 1 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:36,107 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:36,107 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:36,107 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:36,107 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:36,107 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:36,107 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:36,107 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:36,107 | 1200 | NtQueryInformationFile |
FileHandle => 0x000004a8 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01PA2\xa4\x8a\xa2\xcf\x01PA2\xa4\x8a\xa2\xcf\x01PA2\xa4\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:36,117 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:36,117 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:36,117 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:36,117 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:36,117 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:36,117 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:36,117 | 1200 | NtQueryInformationFile |
FileHandle => 0x000004a8 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\xb0O5\xa4\x8a\xa2\xcf\x01PA2\xa4\x8a\xa2\xcf\x01PA2\xa4\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:36,117 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:36,117 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:36,117 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:36,127 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:36,127 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:36,127 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:36,127 | 1200 | NtQueryInformationFile |
FileHandle => 0x000004a8 FileInformation => \xc0T\xb6\x96\x8a\xa2\xcf\x01\xe0\xd66\xa4\x8a\xa2\xcf\x01\xe0\xd66\xa4\x8a\xa2\xcf\x01\xe0\xd66\xa4\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00_L\x00\x00\x00\x00\x0e\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\xac\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:36,137 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:36,137 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:36,137 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:36,137 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:36,137 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:36,137 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:36,137 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:36,137 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:36,137 | 1200 | NtCreateFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x00010080 CreateDisposition => 1 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:36,137 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:36,468 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:36,468 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:36,468 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:36,468 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:36,468 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:36,468 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:36,468 | 1200 | NtQueryInformationFile |
FileHandle => 0x000004a8 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\x10^8\xa4\x8a\xa2\xcf\x01\x10^8\xa4\x8a\xa2\xcf\x01\x10^8\xa4\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:36,468 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:36,478 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:36,478 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:36,478 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:36,478 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:36,478 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:36,478 | 1200 | NtQueryInformationFile |
FileHandle => 0x000004a8 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01@\xcbj\xa4\x8a\xa2\xcf\x01\x10^8\xa4\x8a\xa2\xcf\x01\x10^8\xa4\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:36,478 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:36,488 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:36,488 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:36,488 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:36,488 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:36,488 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:36,488 | 1200 | NtQueryInformationFile |
FileHandle => 0x000004a8 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01pRl\xa4\x8a\xa2\xcf\x01\x10^8\xa4\x8a\xa2\xcf\x01\x10^8\xa4\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:36,488 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:36,488 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:36,488 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:36,488 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:36,488 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:36,488 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:36,488 | 1200 | NtQueryInformationFile |
FileHandle => 0x000004a8 FileInformation => \xc0T\xb6\x96\x8a\xa2\xcf\x01\xa0\xd9m\xa4\x8a\xa2\xcf\x01\xa0\xd9m\xa4\x8a\xa2\xcf\x01\xa0\xd9m\xa4\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00_L\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\xac\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:36,538 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:36,538 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:36,538 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:36,538 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:36,538 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:36,538 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:36,538 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:36,538 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:36,538 | 1200 | NtCreateFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x00010080 CreateDisposition => 1 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:36,538 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:36,538 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:36,538 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:36,538 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:36,538 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:36,538 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:36,538 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:36,538 | 1200 | NtQueryInformationFile |
FileHandle => 0x000004a8 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\x90}u\xa4\x8a\xa2\xcf\x01\x90}u\xa4\x8a\xa2\xcf\x01\x90}u\xa4\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:36,548 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:36,548 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:36,548 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:36,548 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:36,548 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:36,548 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:36,548 | 1200 | NtQueryInformationFile |
FileHandle => 0x000004a8 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\xc0\x04w\xa4\x8a\xa2\xcf\x01\x90}u\xa4\x8a\xa2\xcf\x01\x90}u\xa4\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:36,548 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:36,548 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:36,548 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:36,548 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:36,548 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:36,548 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:36,548 | 1200 | NtQueryInformationFile |
FileHandle => 0x000004a8 FileInformation => \xc0T\xb6\x96\x8a\xa2\xcf\x01\xc0\x04w\xa4\x8a\xa2\xcf\x01\xc0\x04w\xa4\x8a\xa2\xcf\x01\xc0\x04w\xa4\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00_L\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\xac\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:36,548 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:36,548 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:36,548 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:36,548 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:36,558 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:36,558 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:36,558 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:36,558 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:36,558 | 1200 | NtCreateFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x00010080 CreateDisposition => 1 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:36,558 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:36,878 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:36,878 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:36,878 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:36,878 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:36,878 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:36,878 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:36,878 | 1200 | NtQueryInformationFile |
FileHandle => 0x000004a8 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\xc0\x04w\xa4\x8a\xa2\xcf\x01\xc0\x04w\xa4\x8a\xa2\xcf\x01\xc0\x04w\xa4\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:36,888 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:36,888 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:36,888 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:36,888 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:36,888 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:36,898 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:36,898 | 1200 | NtQueryInformationFile |
FileHandle => 0x000004a8 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01 \xf9\xaa\xa4\x8a\xa2\xcf\x01\xc0\x04w\xa4\x8a\xa2\xcf\x01\xc0\x04w\xa4\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:36,898 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:36,898 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:36,908 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:36,908 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:36,908 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:36,908 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:36,908 | 1200 | NtQueryInformationFile |
FileHandle => 0x000004a8 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01P\x80\xac\xa4\x8a\xa2\xcf\x01\xc0\x04w\xa4\x8a\xa2\xcf\x01\xc0\x04w\xa4\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:36,908 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:36,908 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:36,908 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:36,908 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:36,918 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:36,918 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:36,918 | 1200 | NtQueryInformationFile |
FileHandle => 0x000004a8 FileInformation => \xc0T\xb6\x96\x8a\xa2\xcf\x01\xb0\x8e\xaf\xa4\x8a\xa2\xcf\x01\xb0\x8e\xaf\xa4\x8a\xa2\xcf\x01\xb0\x8e\xaf\xa4\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00_L\x00\x00\x00\x00\x11\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\xac\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:37,078 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:37,088 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:37,088 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:37,088 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:37,088 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:37,088 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:37,088 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:37,088 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:37,088 | 1200 | NtCreateFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x00010080 CreateDisposition => 1 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:37,088 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:37,099 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:37,099 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:37,099 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:37,099 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:37,099 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:37,099 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:37,099 | 1200 | NtQueryInformationFile |
FileHandle => 0x000004a8 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\xb0\x01\xc8\xa4\x8a\xa2\xcf\x01\xb0\x01\xc8\xa4\x8a\xa2\xcf\x01\xb0\x01\xc8\xa4\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:37,109 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:37,109 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:37,109 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:37,109 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:37,109 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:37,109 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:37,109 | 1200 | NtQueryInformationFile |
FileHandle => 0x000004a8 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01@\x97\xcc\xa4\x8a\xa2\xcf\x01\xb0\x01\xc8\xa4\x8a\xa2\xcf\x01\xb0\x01\xc8\xa4\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:37,109 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:37,119 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:37,119 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:37,119 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:37,119 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:37,119 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:37,119 | 1200 | NtQueryInformationFile |
FileHandle => 0x000004a8 FileInformation => \xc0T\xb6\x96\x8a\xa2\xcf\x01p\x1e\xce\xa4\x8a\xa2\xcf\x01p\x1e\xce\xa4\x8a\xa2\xcf\x01p\x1e\xce\xa4\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00_L\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\xac\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:37,139 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:37,139 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:37,139 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:37,139 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:37,139 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:37,139 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:37,139 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:37,139 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:37,139 | 1200 | NtCreateFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x00010080 CreateDisposition => 1 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:37,149 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:37,489 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:37,489 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:37,489 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:37,489 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:37,489 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:37,489 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:37,489 | 1200 | NtQueryInformationFile |
FileHandle => 0x000004a8 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\xd0,\xd1\xa4\x8a\xa2\xcf\x01\xd0,\xd1\xa4\x8a\xa2\xcf\x01\xd0,\xd1\xa4\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:37,499 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:37,499 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:37,499 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:37,529 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:37,529 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:37,529 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:37,539 | 1200 | NtQueryInformationFile |
FileHandle => 0x000004a8 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\x90/\x08\xa5\x8a\xa2\xcf\x01\xd0,\xd1\xa4\x8a\xa2\xcf\x01\xd0,\xd1\xa4\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:37,539 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:37,539 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:37,569 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:37,569 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:37,569 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:37,569 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:37,569 | 1200 | NtQueryInformationFile |
FileHandle => 0x000004a8 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01PL\x0e\xa5\x8a\xa2\xcf\x01\xd0,\xd1\xa4\x8a\xa2\xcf\x01\xd0,\xd1\xa4\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:37,619 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:37,619 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:37,619 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:37,619 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:37,619 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:37,619 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:37,619 | 1200 | NtQueryInformationFile |
FileHandle => 0x000004a8 FileInformation => \xc0T\xb6\x96\x8a\xa2\xcf\x01\xd0\x85\x1a\xa5\x8a\xa2\xcf\x01\xd0\x85\x1a\xa5\x8a\xa2\xcf\x01\xd0\x85\x1a\xa5\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00_L\x00\x00\x00\x00\x13\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\xac\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:37,659 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:37,659 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:37,659 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:37,659 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:37,659 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:37,659 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:37,659 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:37,659 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:37,659 | 1200 | NtCreateFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x00010080 CreateDisposition => 1 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:37,659 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:37,659 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:37,659 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:37,659 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:37,659 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:37,669 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:37,669 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:37,669 | 1200 | NtQueryInformationFile |
FileHandle => 0x000004a8 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\x90\xa2 \xa5\x8a\xa2\xcf\x01\x90\xa2 \xa5\x8a\xa2\xcf\x01\x90\xa2 \xa5\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:37,669 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:37,669 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:37,669 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:37,669 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:37,669 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:37,669 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:37,669 | 1200 | NtQueryInformationFile |
FileHandle => 0x000004a8 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\xc0)"\xa5\x8a\xa2\xcf\x01\x90\xa2 \xa5\x8a\xa2\xcf\x01\x90\xa2 \xa5\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:37,669 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:37,669 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:37,669 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:37,669 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:37,679 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:37,679 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:37,679 | 1200 | NtQueryInformationFile |
FileHandle => 0x000004a8 FileInformation => \xc0T\xb6\x96\x8a\xa2\xcf\x01\xc0)"\xa5\x8a\xa2\xcf\x01\xc0)"\xa5\x8a\xa2\xcf\x01\xc0)"\xa5\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00_L\x00\x00\x00\x00\x14\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\xac\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:37,679 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:37,679 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:37,679 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:37,679 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:37,679 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:37,679 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:37,679 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:37,679 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:37,679 | 1200 | NtCreateFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x00010080 CreateDisposition => 1 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:37,679 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:38,000 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,000 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,000 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,000 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,010 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:38,010 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:38,010 | 1200 | NtQueryInformationFile |
FileHandle => 0x000004a8 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\xf0\xb0#\xa5\x8a\xa2\xcf\x01\xf0\xb0#\xa5\x8a\xa2\xcf\x01\xf0\xb0#\xa5\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:38,010 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,020 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,020 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,020 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,020 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:38,020 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:38,020 | 1200 | NtQueryInformationFile |
FileHandle => 0x000004a8 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01 \x1eV\xa5\x8a\xa2\xcf\x01\xf0\xb0#\xa5\x8a\xa2\xcf\x01\xf0\xb0#\xa5\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:38,030 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,030 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,030 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,030 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,030 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:38,030 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:38,030 | 1200 | NtQueryInformationFile |
FileHandle => 0x000004a8 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01P\xa5W\xa5\x8a\xa2\xcf\x01\xf0\xb0#\xa5\x8a\xa2\xcf\x01\xf0\xb0#\xa5\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:38,030 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,030 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,030 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,030 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,040 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:38,040 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:38,040 | 1200 | NtQueryInformationFile |
FileHandle => 0x000004a8 FileInformation => \xc0T\xb6\x96\x8a\xa2\xcf\x01\xb0\xb3Z\xa5\x8a\xa2\xcf\x01\xb0\xb3Z\xa5\x8a\xa2\xcf\x01\xb0\xb3Z\xa5\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00_L\x00\x00\x00\x00\x15\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\xac\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:38,080 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,080 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,080 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,080 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,080 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,080 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,080 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,080 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,080 | 1200 | NtCreateFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x00010080 CreateDisposition => 1 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:38,080 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:38,090 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,090 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,090 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,090 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,090 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:38,090 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:38,090 | 1200 | NtQueryInformationFile |
FileHandle => 0x000004a8 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01@I_\xa5\x8a\xa2\xcf\x01@I_\xa5\x8a\xa2\xcf\x01@I_\xa5\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:38,090 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,100 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,100 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,100 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,100 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:38,100 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:38,100 | 1200 | NtQueryInformationFile |
FileHandle => 0x000004a8 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\xa0Wb\xa5\x8a\xa2\xcf\x01@I_\xa5\x8a\xa2\xcf\x01@I_\xa5\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:38,110 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,110 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,110 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,110 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,110 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:38,110 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:38,110 | 1200 | NtQueryInformationFile |
FileHandle => 0x000004a8 FileInformation => \xc0T\xb6\x96\x8a\xa2\xcf\x01\x00fe\xa5\x8a\xa2\xcf\x01\x00fe\xa5\x8a\xa2\xcf\x01\x00fe\xa5\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00_L\x00\x00\x00\x00\x16\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\xac\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:38,120 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,130 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,130 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,130 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,130 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,130 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,130 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,130 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,130 | 1200 | NtCreateFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x00010080 CreateDisposition => 1 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:38,130 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:38,450 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,450 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,450 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,450 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,450 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:38,450 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:38,460 | 1200 | NtQueryInformationFile |
FileHandle => 0x000004a8 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x010\xedf\xa5\x8a\xa2\xcf\x010\xedf\xa5\x8a\xa2\xcf\x010\xedf\xa5\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:38,460 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,460 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,460 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,460 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,470 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:38,470 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:38,470 | 1200 | NtQueryInformationFile |
FileHandle => 0x000004a8 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\x90\xe1\x9a\xa5\x8a\xa2\xcf\x010\xedf\xa5\x8a\xa2\xcf\x010\xedf\xa5\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:38,480 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,491 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,491 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,491 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,491 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:38,491 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:38,491 | 1200 | NtQueryInformationFile |
FileHandle => 0x000004a8 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\xf0\xef\x9d\xa5\x8a\xa2\xcf\x010\xedf\xa5\x8a\xa2\xcf\x010\xedf\xa5\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:38,501 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,501 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,501 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,501 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,501 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:38,501 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:38,501 | 1200 | NtQueryInformationFile |
FileHandle => 0x000004a8 FileInformation => \xc0T\xb6\x96\x8a\xa2\xcf\x01P\xfe\xa0\xa5\x8a\xa2\xcf\x01P\xfe\xa0\xa5\x8a\xa2\xcf\x01P\xfe\xa0\xa5\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00_L\x00\x00\x00\x00\x17\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\xac\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:38,531 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,531 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,541 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,541 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,541 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,541 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,541 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,541 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,541 | 1200 | NtCreateFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x00010080 CreateDisposition => 1 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:38,541 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:38,541 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,551 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,551 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,551 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,551 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:38,551 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:38,551 | 1200 | NtQueryInformationFile |
FileHandle => 0x000004a8 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\xe0\x93\xa5\xa5\x8a\xa2\xcf\x01\xe0\x93\xa5\xa5\x8a\xa2\xcf\x01\xe0\x93\xa5\xa5\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:38,551 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,551 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,561 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,561 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,561 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:38,561 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:38,561 | 1200 | NtQueryInformationFile |
FileHandle => 0x000004a8 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01@\xa2\xa8\xa5\x8a\xa2\xcf\x01\xe0\x93\xa5\xa5\x8a\xa2\xcf\x01\xe0\x93\xa5\xa5\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:38,561 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,561 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,561 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,571 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,571 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:38,571 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:38,571 | 1200 | NtQueryInformationFile |
FileHandle => 0x000004a8 FileInformation => \xc0T\xb6\x96\x8a\xa2\xcf\x01\xa0\xb0\xab\xa5\x8a\xa2\xcf\x01\xa0\xb0\xab\xa5\x8a\xa2\xcf\x01\xa0\xb0\xab\xa5\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00_L\x00\x00\x00\x00\x18\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\xac\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:38,581 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,581 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,581 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,581 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,581 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,581 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,591 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,591 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,591 | 1200 | NtCreateFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x00010080 CreateDisposition => 1 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:38,591 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:38,911 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,911 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,911 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,911 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,911 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:38,911 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:38,911 | 1200 | NtQueryInformationFile |
FileHandle => 0x000004a8 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\xd07\xad\xa5\x8a\xa2\xcf\x01\xd07\xad\xa5\x8a\xa2\xcf\x01\xd07\xad\xa5\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:38,911 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,921 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,921 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,921 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,921 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:38,921 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:38,921 | 1200 | NtQueryInformationFile |
FileHandle => 0x000004a8 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\x00\xa5\xdf\xa5\x8a\xa2\xcf\x01\xd07\xad\xa5\x8a\xa2\xcf\x01\xd07\xad\xa5\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:38,921 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,921 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,921 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,921 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,921 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:38,921 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:38,921 | 1200 | NtQueryInformationFile |
FileHandle => 0x000004a8 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x010,\xe1\xa5\x8a\xa2\xcf\x01\xd07\xad\xa5\x8a\xa2\xcf\x01\xd07\xad\xa5\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:38,921 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,921 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,921 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,921 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,931 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:38,931 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:38,931 | 1200 | NtQueryInformationFile |
FileHandle => 0x000004a8 FileInformation => \xc0T\xb6\x96\x8a\xa2\xcf\x01`\xb3\xe2\xa5\x8a\xa2\xcf\x01`\xb3\xe2\xa5\x8a\xa2\xcf\x01`\xb3\xe2\xa5\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00_L\x00\x00\x00\x00\x19\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\xac\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:38,941 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,941 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,941 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,941 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,941 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,941 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,941 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,941 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,941 | 1200 | NtCreateFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x00010080 CreateDisposition => 1 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:38,941 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:38,951 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,951 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,951 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,951 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,951 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:38,951 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:38,951 | 1200 | NtQueryInformationFile |
FileHandle => 0x000004a8 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\x90:\xe4\xa5\x8a\xa2\xcf\x01\x90:\xe4\xa5\x8a\xa2\xcf\x01\x90:\xe4\xa5\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:38,951 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,951 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,951 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,951 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,951 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:38,951 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:38,951 | 1200 | NtQueryInformationFile |
FileHandle => 0x000004a8 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\xc0\xc1\xe5\xa5\x8a\xa2\xcf\x01\x90:\xe4\xa5\x8a\xa2\xcf\x01\x90:\xe4\xa5\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:38,951 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,951 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,951 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,951 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,951 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:38,951 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:38,951 | 1200 | NtQueryInformationFile |
FileHandle => 0x000004a8 FileInformation => \xc0T\xb6\x96\x8a\xa2\xcf\x01\xc0\xc1\xe5\xa5\x8a\xa2\xcf\x01\xc0\xc1\xe5\xa5\x8a\xa2\xcf\x01\xc0\xc1\xe5\xa5\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00_L\x00\x00\x00\x00\x1a\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\xac\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:38,961 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,961 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,961 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,961 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,961 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,961 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,961 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,961 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:38,961 | 1200 | NtCreateFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x00010080 CreateDisposition => 1 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:38,961 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:39,282 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:39,282 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:39,282 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:39,282 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:39,282 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:39,282 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:39,282 | 1200 | NtQueryInformationFile |
FileHandle => 0x000004a8 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\xf0H\xe7\xa5\x8a\xa2\xcf\x01\xf0H\xe7\xa5\x8a\xa2\xcf\x01\xf0H\xe7\xa5\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:39,292 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:39,292 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:39,292 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:39,292 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:39,292 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:39,292 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:39,292 | 1200 | NtQueryInformationFile |
FileHandle => 0x000004a8 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01 \xb6\x19\xa6\x8a\xa2\xcf\x01\xf0H\xe7\xa5\x8a\xa2\xcf\x01\xf0H\xe7\xa5\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:39,302 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:39,302 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:39,302 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:39,302 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:39,302 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:39,302 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:39,302 | 1200 | NtQueryInformationFile |
FileHandle => 0x000004a8 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01P=\x1b\xa6\x8a\xa2\xcf\x01\xf0H\xe7\xa5\x8a\xa2\xcf\x01\xf0H\xe7\xa5\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:39,312 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:39,312 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:39,312 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:39,312 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:39,312 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:39,312 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:39,312 | 1200 | NtQueryInformationFile |
FileHandle => 0x000004a8 FileInformation => \xc0T\xb6\x96\x8a\xa2\xcf\x01\x80\xc4\x1c\xa6\x8a\xa2\xcf\x01\x80\xc4\x1c\xa6\x8a\xa2\xcf\x01\x80\xc4\x1c\xa6\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00_L\x00\x00\x00\x00\x1b\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\xac\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:39,342 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:39,342 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:39,342 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:39,342 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:39,342 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:39,342 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:39,342 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:39,342 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:39,352 | 1200 | NtCreateFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x00010080 CreateDisposition => 1 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:39,352 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:39,352 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:39,352 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:39,352 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:39,352 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:39,352 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:39,352 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:39,352 | 1200 | NtQueryInformationFile |
FileHandle => 0x000004a8 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\x10Z!\xa6\x8a\xa2\xcf\x01\x10Z!\xa6\x8a\xa2\xcf\x01\x10Z!\xa6\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:39,362 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:39,362 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:39,362 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:39,362 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:39,362 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:39,362 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:39,362 | 1200 | NtQueryInformationFile |
FileHandle => 0x000004a8 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01@\xe1"\xa6\x8a\xa2\xcf\x01\x10Z!\xa6\x8a\xa2\xcf\x01\x10Z!\xa6\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:39,362 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:39,372 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:39,372 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:39,372 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:39,372 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:39,372 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:39,372 | 1200 | NtQueryInformationFile |
FileHandle => 0x000004a8 FileInformation => \xc0T\xb6\x96\x8a\xa2\xcf\x01\xa0\xef%\xa6\x8a\xa2\xcf\x01\xa0\xef%\xa6\x8a\xa2\xcf\x01\xa0\xef%\xa6\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00_L\x00\x00\x00\x00\x1c\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\xac\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:39,382 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:39,382 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:39,382 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:39,382 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:39,392 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:39,392 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:39,392 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:39,392 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:39,392 | 1200 | NtCreateFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x00010080 CreateDisposition => 1 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:39,392 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:39,712 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:39,712 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:39,712 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:39,712 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:39,712 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:39,712 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:39,712 | 1200 | NtQueryInformationFile |
FileHandle => 0x000004a8 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\xd0v'\xa6\x8a\xa2\xcf\x01\xd0v'\xa6\x8a\xa2\xcf\x01\xd0v'\xa6\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:39,722 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:39,722 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:39,722 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:39,722 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:39,722 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:39,722 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:39,732 | 1200 | NtQueryInformationFile |
FileHandle => 0x000004a8 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x010k[\xa6\x8a\xa2\xcf\x01\xd0v'\xa6\x8a\xa2\xcf\x01\xd0v'\xa6\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:39,732 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:39,732 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:39,732 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:39,732 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:39,732 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:39,742 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:39,742 | 1200 | NtQueryInformationFile |
FileHandle => 0x000004a8 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01`\xf2\\xa6\x8a\xa2\xcf\x01\xd0v'\xa6\x8a\xa2\xcf\x01\xd0v'\xa6\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:39,742 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:39,742 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:39,742 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:39,742 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:39,742 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:39,752 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:39,752 | 1200 | NtQueryInformationFile |
FileHandle => 0x000004a8 FileInformation => \xc0T\xb6\x96\x8a\xa2\xcf\x01\x90y^\xa6\x8a\xa2\xcf\x01\x90y^\xa6\x8a\xa2\xcf\x01\x90y^\xa6\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00_L\x00\x00\x00\x00\x1d\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\xac\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:39,762 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:39,762 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:39,762 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:39,772 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:39,772 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:39,772 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:39,772 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:39,772 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:39,772 | 1200 | NtCreateFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x00010080 CreateDisposition => 1 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:39,772 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:39,772 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:39,772 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:39,782 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:39,782 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:39,782 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:39,782 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:39,782 | 1200 | NtQueryInformationFile |
FileHandle => 0x000004a8 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\xf0\x87a\xa6\x8a\xa2\xcf\x01\xf0\x87a\xa6\x8a\xa2\xcf\x01\xf0\x87a\xa6\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:39,782 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:39,782 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:39,782 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:39,782 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:39,782 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:39,792 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:39,792 | 1200 | NtQueryInformationFile |
FileHandle => 0x000004a8 FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01P\x96d\xa6\x8a\xa2\xcf\x01\xf0\x87a\xa6\x8a\xa2\xcf\x01\xf0\x87a\xa6\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:39,792 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:39,792 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:39,792 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:39,792 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:39,792 | 1200 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:39,802 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:39,802 | 1200 | NtQueryInformationFile |
FileHandle => 0x000004a8 FileInformation => \xc0T\xb6\x96\x8a\xa2\xcf\x01\x80\x1df\xa6\x8a\xa2\xcf\x01\x80\x1df\xa6\x8a\xa2\xcf\x01\x80\x1df\xa6\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00_L\x00\x00\x00\x00\x1e\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\xac\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:39,812 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:39,812 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:39,812 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:39,812 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:39,812 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:39,812 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:39,812 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:39,812 | 1200 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:39,812 | 1200 | NtCreateFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x00010080 CreateDisposition => 1 FileHandle => 0x000004a8 |
SUCCESS | 0x00000000 | |
| 09:17:39,812 | 1200 | NtOpenDirectoryObject |
DirectoryHandle => 0x000004b0 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:40,143 | 520 | select |
socket => 0x00000003 |
SUCCESS | 0x00000001 | |
| 09:17:40,143 | 1200 | closesocket |
socket => 0x0000043c |
SUCCESS | 0x00000000 | |
| 09:17:40,143 | 1200 | OpenSCManagerW |
MachineName => DatabaseName => DesiredAccess => 2147483648 |
SUCCESS | 0x002435f8 | |
| 09:17:40,143 | 1200 | OpenServiceW |
ServiceControlManager => 0x002435f8 ServiceName => RASMAN DesiredAccess => 4 |
SUCCESS | 0x00245f38 | |
| 09:17:40,143 | 1200 | RegQueryValueExA |
Handle => 0x0000034c DataLength => 4 ValueName => EnableAutodial Type => 844 |
FAILURE | 0x00000002 | |
| 09:17:40,143 | 1584 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:40,143 | 1584 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:40,153 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000350 FileInformation => \x00\xc0\x03\x00\x00\x00\x00\x00\x00\xc0\x03\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 09:17:40,153 | 1584 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:40,153 | 1584 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:40,153 | 1584 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x0000043c |
SUCCESS | 0x00000000 | |
| 09:17:40,153 | 1584 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000440 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:40,153 | 1584 | NtQueryInformationFile |
FileHandle => 0x0000043c FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\xb0\xa4g\xa6\x8a\xa2\xcf\x01\xb0\xa4g\xa6\x8a\xa2\xcf\x01\xb0\xa4g\xa6\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:40,153 | 1584 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:40,163 | 1584 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:40,163 | 1584 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:40,163 | 1584 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:40,163 | 1584 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x0000043c |
SUCCESS | 0x00000000 | |
| 09:17:40,163 | 1584 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000440 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:40,163 | 1584 | NtQueryInformationFile |
FileHandle => 0x0000043c FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01@ \x9d\xa6\x8a\xa2\xcf\x01\xb0\xa4g\xa6\x8a\xa2\xcf\x01\xb0\xa4g\xa6\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:40,163 | 1584 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:40,163 | 1584 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:40,163 | 1584 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:40,163 | 1584 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:40,163 | 1584 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x0000043c |
SUCCESS | 0x00000000 | |
| 09:17:40,163 | 1584 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000440 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:40,163 | 1584 | NtQueryInformationFile |
FileHandle => 0x0000043c FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01p\xa7\x9e\xa6\x8a\xa2\xcf\x01\xb0\xa4g\xa6\x8a\xa2\xcf\x01\xb0\xa4g\xa6\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:40,163 | 1584 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:40,163 | 1584 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:40,163 | 1584 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:40,173 | 1584 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:40,173 | 1584 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x0000043c |
SUCCESS | 0x00000000 | |
| 09:17:40,173 | 1584 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000440 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:40,173 | 1584 | NtQueryInformationFile |
FileHandle => 0x0000043c FileInformation => \xc0T\xb6\x96\x8a\xa2\xcf\x01\xa0.\xa0\xa6\x8a\xa2\xcf\x01\xa0.\xa0\xa6\x8a\xa2\xcf\x01\xa0.\xa0\xa6\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00_L\x00\x00\x00\x00\x1f\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\xac\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:40,183 | 1584 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:40,183 | 1584 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:40,183 | 1584 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:40,183 | 1584 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:40,183 | 1584 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:40,183 | 1584 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:40,183 | 1584 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:40,183 | 1584 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:40,183 | 1584 | NtCreateFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x00010080 CreateDisposition => 1 FileHandle => 0x0000043c |
SUCCESS | 0x00000000 | |
| 09:17:40,183 | 1584 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000440 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:40,183 | 1584 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:40,183 | 1584 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:40,193 | 1584 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:40,193 | 1584 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:40,193 | 1584 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x0000043c |
SUCCESS | 0x00000000 | |
| 09:17:40,193 | 1584 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000440 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:40,193 | 1584 | NtQueryInformationFile |
FileHandle => 0x0000043c FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\xd0\xb5\xa1\xa6\x8a\xa2\xcf\x01\xd0\xb5\xa1\xa6\x8a\xa2\xcf\x01\xd0\xb5\xa1\xa6\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:40,193 | 1584 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:40,193 | 1584 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:40,193 | 1584 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:40,193 | 1584 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:40,193 | 1584 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x0000043c |
SUCCESS | 0x00000000 | |
| 09:17:40,193 | 1584 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000440 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:40,193 | 1584 | NtQueryInformationFile |
FileHandle => 0x0000043c FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\x00=\xa3\xa6\x8a\xa2\xcf\x01\xd0\xb5\xa1\xa6\x8a\xa2\xcf\x01\xd0\xb5\xa1\xa6\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:40,193 | 1584 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:40,193 | 1584 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:40,193 | 1584 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:40,193 | 1584 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:40,203 | 1584 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x0000043c |
SUCCESS | 0x00000000 | |
| 09:17:40,203 | 1584 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000440 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:40,203 | 1584 | NtQueryInformationFile |
FileHandle => 0x0000043c FileInformation => \xc0T\xb6\x96\x8a\xa2\xcf\x010\xc4\xa4\xa6\x8a\xa2\xcf\x010\xc4\xa4\xa6\x8a\xa2\xcf\x010\xc4\xa4\xa6\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00_L\x00\x00\x00\x00 \x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\xac\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:40,203 | 1584 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:40,203 | 1584 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:40,203 | 1584 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:40,203 | 1584 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:40,203 | 1584 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0025f9d0 | |
| 09:17:40,203 | 1584 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x0025f9d0 | |
| 09:17:40,203 | 1584 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x0025f9d0 | |
| 09:17:40,203 | 1584 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x0025f9d0 | |
| 09:17:40,203 | 1584 | NtCreateFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x00010080 CreateDisposition => 1 FileHandle => 0x0000043c |
SUCCESS | 0x00000000 | |
| 09:17:40,203 | 1584 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000440 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:40,223 | 1584 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => InternetCloseHandle FunctionAddress => 0x771c4d8c ModuleHandle => 0x771b0000 |
SUCCESS | 0x00000000 | |
| 09:17:40,513 | 1584 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x00243410 | |
| 09:17:40,513 | 1584 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x00243410 | |
| 09:17:40,513 | 1584 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x00243410 | |
| 09:17:40,513 | 1584 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x00243410 | |
| 09:17:40,513 | 1584 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x0000043c |
SUCCESS | 0x00000000 | |
| 09:17:40,513 | 1584 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000440 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:40,513 | 1584 | NtQueryInformationFile |
FileHandle => 0x0000043c FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x010\xc4\xa4\xa6\x8a\xa2\xcf\x010\xc4\xa4\xa6\x8a\xa2\xcf\x010\xc4\xa4\xa6\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:40,523 | 1584 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x00243410 | |
| 09:17:40,523 | 1584 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x00243410 | |
| 09:17:40,523 | 1584 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x00243410 | |
| 09:17:40,533 | 1584 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x00243410 | |
| 09:17:40,533 | 1584 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x0000043c |
SUCCESS | 0x00000000 | |
| 09:17:40,533 | 1584 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000440 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:40,533 | 1584 | NtQueryInformationFile |
FileHandle => 0x0000043c FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\x00#\xd4\xa6\x8a\xa2\xcf\x010\xc4\xa4\xa6\x8a\xa2\xcf\x010\xc4\xa4\xa6\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:40,533 | 1584 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x00243410 | |
| 09:17:40,533 | 1584 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x00243410 | |
| 09:17:40,543 | 1584 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x00243410 | |
| 09:17:40,543 | 1584 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x00243410 | |
| 09:17:40,543 | 1584 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x0000043c |
SUCCESS | 0x00000000 | |
| 09:17:40,543 | 1584 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000440 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:40,543 | 1584 | NtQueryInformationFile |
FileHandle => 0x0000043c FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01`1\xd7\xa6\x8a\xa2\xcf\x010\xc4\xa4\xa6\x8a\xa2\xcf\x010\xc4\xa4\xa6\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:40,543 | 1584 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x00243410 | |
| 09:17:40,543 | 1584 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x00243410 | |
| 09:17:40,543 | 1584 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x00243410 | |
| 09:17:40,543 | 1584 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x00243410 | |
| 09:17:40,553 | 1584 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x0000043c |
SUCCESS | 0x00000000 | |
| 09:17:40,553 | 1584 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000440 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:40,553 | 1584 | NtQueryInformationFile |
FileHandle => 0x0000043c FileInformation => \xc0T\xb6\x96\x8a\xa2\xcf\x01\xc0?\xda\xa6\x8a\xa2\xcf\x01\xc0?\xda\xa6\x8a\xa2\xcf\x01\xc0?\xda\xa6\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00_L\x00\x00\x00\x00!\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\xac\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:40,563 | 1584 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x00243410 | |
| 09:17:40,563 | 1584 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x00243410 | |
| 09:17:40,563 | 1584 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x00243410 | |
| 09:17:40,563 | 1584 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x00243410 | |
| 09:17:40,563 | 1584 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x00243410 | |
| 09:17:40,563 | 1584 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x00243410 | |
| 09:17:40,563 | 1584 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x00243410 | |
| 09:17:40,563 | 1584 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x00243410 | |
| 09:17:40,563 | 1584 | NtCreateFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x00010080 CreateDisposition => 1 FileHandle => 0x0000043c |
SUCCESS | 0x00000000 | |
| 09:17:40,574 | 1584 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000440 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:40,574 | 1584 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x00243410 | |
| 09:17:40,574 | 1584 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x00243410 | |
| 09:17:40,574 | 1584 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x00243410 | |
| 09:17:40,574 | 1584 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x00243410 | |
| 09:17:40,574 | 1584 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x0000043c |
SUCCESS | 0x00000000 | |
| 09:17:40,574 | 1584 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000440 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:40,584 | 1584 | NtQueryInformationFile |
FileHandle => 0x0000043c FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01\xf0\xc6\xdb\xa6\x8a\xa2\xcf\x01\xf0\xc6\xdb\xa6\x8a\xa2\xcf\x01\xf0\xc6\xdb\xa6\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:40,584 | 1584 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x00243410 | |
| 09:17:40,584 | 1584 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x00243410 | |
| 09:17:40,584 | 1584 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x00243410 | |
| 09:17:40,584 | 1584 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x00243410 | |
| 09:17:40,584 | 1584 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x0000043c |
SUCCESS | 0x00000000 | |
| 09:17:40,594 | 1584 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000440 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:40,594 | 1584 | NtQueryInformationFile |
FileHandle => 0x0000043c FileInformation => \x90\x06\xd3\x8d\x8a\xa2\xcf\x01P\xd5\xde\xa6\x8a\xa2\xcf\x01\xf0\xc6\xdb\xa6\x8a\xa2\xcf\x01\xf0\xc6\xdb\xa6\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00@L\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:40,594 | 1584 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x00243410 | |
| 09:17:40,594 | 1584 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x00243410 | |
| 09:17:40,594 | 1584 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x00243410 | |
| 09:17:40,594 | 1584 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x00243410 | |
| 09:17:40,594 | 1584 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x0012019f CreateDisposition => 3 FileHandle => 0x0000043c |
SUCCESS | 0x00000000 | |
| 09:17:40,594 | 1584 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000440 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:40,594 | 1584 | NtQueryInformationFile |
FileHandle => 0x0000043c FileInformation => \xc0T\xb6\x96\x8a\xa2\xcf\x01\x80\\xe0\xa6\x8a\xa2\xcf\x01\x80\\xe0\xa6\x8a\xa2\xcf\x01\x80\\xe0\xa6\x8a\xa2\xcf\x01 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00_L\x00\x00\x00\x00"\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\xac\x00\x00\x00\\x00D\x00 |
FAILURE | 2147483653 | |
| 09:17:40,624 | 1584 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x00243410 | |
| 09:17:40,624 | 1584 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x00243410 | |
| 09:17:40,624 | 1584 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x00243410 | |
| 09:17:40,624 | 1584 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x00243410 | |
| 09:17:40,624 | 1584 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x00243410 | |
| 09:17:40,634 | 1584 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe |
SUCCESS | 0x00243410 | |
| 09:17:40,634 | 1584 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat |
SUCCESS | 0x00243410 | |
| 09:17:40,634 | 1584 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0 |
SUCCESS | 0x00243410 | |
| 09:17:40,634 | 1584 | NtCreateFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal DesiredAccess => 0x00010080 CreateDisposition => 1 FileHandle => 0x0000043c |
SUCCESS | 0x00000000 | |
| 09:17:40,634 | 1584 | NtOpenDirectoryObject |
DirectoryHandle => 0x00000440 DesiredAccess => 1 ObjectAttributes => C:\?? |
SUCCESS | 0x00000000 | |
| 09:17:43,748 | 520 | select |
socket => 0x00000002 |
SUCCESS | 0x00000001 | |
| 09:17:43,748 | 1200 | closesocket |
socket => 0x0000048c |
SUCCESS | 0x00000000 | |
| 09:17:43,758 | 1200 | OpenSCManagerW |
MachineName => DatabaseName => DesiredAccess => 2147483648 |
SUCCESS | 0x00245ee8 | |
| 09:17:43,758 | 1200 | OpenServiceW |
ServiceControlManager => 0x00245ee8 ServiceName => RASMAN DesiredAccess => 4 |
SUCCESS | 0x00245f10 | |
| 09:17:43,758 | 1200 | RegQueryValueExA |
Handle => 0x0000034c DataLength => 4 ValueName => EnableAutodial Type => 844 |
FAILURE | 0x00000002 | |
| 09:17:43,778 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000350 FileInformation => \x00\xc0\x03\x00\x00\x00\x00\x00\x00\xc0\x03\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 09:17:43,778 | 1200 | socket |
type => 1 protocol => 6 af => 2 |
SUCCESS | 0x0000048c | |
| 09:17:43,778 | 1200 | ioctlsocket |
command => 2147772030 socket => 0x0000048c |
SUCCESS | 0x00000000 | |
| 09:17:43,778 | 1200 | bind |
ip => 0.0.0.0 socket => 0x0000048c port => 0 |
SUCCESS | 0x00000000 | |
| 09:17:43,778 | 1200 | NtDeviceIoControlFile |
InputBuffer => FileHandle => 0x0000048c OutputBuffer => \x01\x00\x00\x00\x01\x00\x00\x00\x0e\x00\x02\x00\x04\x1b\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 09:17:43,778 | 1200 | connect |
socket => 0x0000048c |
FAILURE | 4294967295 | |
| 09:17:43,778 | 520 | select |
socket => 0x00000001 |
SUCCESS | 0x00000001 | |
| 09:17:43,778 | 520 | WSARecv |
socket => 0x000003b0 |
SUCCESS | 0x00000000 | |
| 09:17:43,778 | 1200 | send |
buffer => ! socket => 0x000003b0 |
SUCCESS | 0x00000001 | |
| 09:17:44,780 | 1636 | ExitThread |
ExitCode => 0 |
SUCCESS | 0x00000000 | |
| 09:18:04,778 | 520 | select |
socket => 0x00000002 |
SUCCESS | 0x00000001 | |
| 09:18:04,778 | 1200 | closesocket |
socket => 0x0000048c |
SUCCESS | 0x00000000 | |
| 09:18:04,778 | 1200 | RegQueryValueExA |
Handle => 0x00000420 Data => 0 ValueName => EnableFileTracing |
SUCCESS | 0x00000000 | |
| 09:18:04,778 | 1200 | RegQueryValueExA |
Handle => 0x00000420 Data => 4294901760 ValueName => FileTracingMask |
SUCCESS | 0x00000000 | |
| 09:18:04,778 | 1200 | RegQueryValueExA |
Handle => 0x00000420 Data => 0 ValueName => EnableConsoleTracing |
SUCCESS | 0x00000000 | |
| 09:18:04,778 | 1200 | RegQueryValueExA |
Handle => 0x00000420 Data => 4294901760 ValueName => ConsoleTracingMask |
SUCCESS | 0x00000000 | |
| 09:18:04,778 | 1200 | RegQueryValueExA |
Handle => 0x00000420 Data => 1048576 ValueName => MaxFileSize |
SUCCESS | 0x00000000 | |
| 09:18:04,788 | 1200 | RegQueryValueExA |
Handle => 0x00000420 Data => %windir%\tracing\x00 ValueName => FileDirectory |
SUCCESS | 0x00000000 | |
| 09:18:04,788 | 1200 | OpenSCManagerW |
MachineName => DatabaseName => DesiredAccess => 2147483648 |
SUCCESS | 0x00245f60 | |
| 09:18:04,788 | 1200 | OpenServiceW |
ServiceControlManager => 0x00245f60 ServiceName => RASMAN DesiredAccess => 4 |
SUCCESS | 0x00245ee8 | |
| 09:18:04,788 | 1200 | RegQueryValueExA |
Handle => 0x0000034c DataLength => 4 ValueName => EnableAutodial Type => 844 |
FAILURE | 0x00000002 | |
| 09:18:04,788 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000350 FileInformation => \x00\xc0\x03\x00\x00\x00\x00\x00\x00\xc0\x03\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 09:18:04,788 | 1200 | socket |
type => 1 protocol => 6 af => 2 |
SUCCESS | 0x0000048c | |
| 09:18:04,798 | 1200 | ioctlsocket |
command => 2147772030 socket => 0x0000048c |
SUCCESS | 0x00000000 | |
| 09:18:04,798 | 1200 | bind |
ip => 0.0.0.0 socket => 0x0000048c port => 0 |
SUCCESS | 0x00000000 | |
| 09:18:04,798 | 1200 | NtDeviceIoControlFile |
InputBuffer => FileHandle => 0x0000048c OutputBuffer => \x01\x00\x00\x00\x01\x00\x00\x00\x0e\x00\x02\x00\x04\x1e\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 09:18:04,798 | 1200 | connect |
socket => 0x0000048c |
FAILURE | 4294967295 | |
| 09:18:04,798 | 520 | select |
socket => 0x00000001 |
SUCCESS | 0x00000001 | |
| 09:18:04,798 | 520 | WSARecv |
socket => 0x000003b0 |
SUCCESS | 0x00000000 | |
| 09:18:04,798 | 1200 | send |
buffer => ! socket => 0x000003b0 |
SUCCESS | 0x00000001 | |
| 09:18:20,641 | 1584 | ExitThread |
ExitCode => 0 |
SUCCESS | 0x00000000 | |
| 09:18:21,713 | 1904 | CreateThread |
ThreadId => 404 StartRoutine => 0x77e76c7d Parameter => 0x001ef238 CreationFlags => 0 |
SUCCESS | 0x00000328 | |
| 09:18:25,708 | 520 | select |
socket => 0x00000002 |
SUCCESS | 0x00000001 | |
| 09:18:25,708 | 1200 | closesocket |
socket => 0x0000048c |
SUCCESS | 0x00000000 | |
| 09:18:25,708 | 1200 | OpenSCManagerW |
MachineName => DatabaseName => DesiredAccess => 2147483648 |
SUCCESS | 0x00243d00 | |
| 09:18:25,718 | 1200 | OpenServiceW |
ServiceControlManager => 0x00243d00 ServiceName => RASMAN DesiredAccess => 4 |
SUCCESS | 0x002435f8 | |
| 09:18:25,718 | 1200 | RegQueryValueExA |
Handle => 0x0000034c DataLength => 4 ValueName => EnableAutodial Type => 844 |
FAILURE | 0x00000002 | |
| 09:18:25,718 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000350 FileInformation => \x00\xc0\x03\x00\x00\x00\x00\x00\x00\xc0\x03\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 09:18:25,718 | 1200 | socket |
type => 1 protocol => 6 af => 2 |
SUCCESS | 0x0000048c | |
| 09:18:25,728 | 1200 | ioctlsocket |
command => 2147772030 socket => 0x0000048c |
SUCCESS | 0x00000000 | |
| 09:18:25,728 | 1200 | bind |
ip => 0.0.0.0 socket => 0x0000048c port => 0 |
SUCCESS | 0x00000000 | |
| 09:18:25,728 | 1200 | NtDeviceIoControlFile |
InputBuffer => FileHandle => 0x0000048c OutputBuffer => \x01\x00\x00\x00\x01\x00\x00\x00\x0e\x00\x02\x00\x04\x1f\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 09:18:25,728 | 1200 | connect |
socket => 0x0000048c |
FAILURE | 4294967295 | |
| 09:18:25,728 | 520 | select |
socket => 0x00000001 |
SUCCESS | 0x00000001 | |
| 09:18:25,728 | 520 | WSARecv |
socket => 0x000003b0 |
SUCCESS | 0x00000000 | |
| 09:18:25,738 | 1200 | send |
buffer => ! socket => 0x000003b0 |
SUCCESS | 0x00000001 | |
| 09:18:46,739 | 520 | select |
socket => 0x00000002 |
SUCCESS | 0x00000001 | |
| 09:18:46,739 | 1200 | closesocket |
socket => 0x0000048c |
SUCCESS | 0x00000000 | |
| 09:18:46,739 | 1200 | OpenSCManagerW |
MachineName => DatabaseName => DesiredAccess => 2147483648 |
SUCCESS | 0x00245da8 | |
| 09:18:46,739 | 1200 | OpenServiceW |
ServiceControlManager => 0x00245da8 ServiceName => RASMAN DesiredAccess => 4 |
SUCCESS | 0x00245f38 | |
| 09:18:46,739 | 1200 | RegQueryValueExA |
Handle => 0x0000034c DataLength => 4 ValueName => EnableAutodial Type => 844 |
FAILURE | 0x00000002 | |
| 09:18:46,749 | 1200 | NtQueryInformationFile |
FileHandle => 0x00000350 FileInformation => \x00\xc0\x03\x00\x00\x00\x00\x00\x00\xc0\x03\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 09:18:46,749 | 1200 | socket |
type => 1 protocol => 6 af => 2 |
SUCCESS | 0x0000048c | |
| 09:18:46,749 | 1200 | ioctlsocket |
command => 2147772030 socket => 0x0000048c |
SUCCESS | 0x00000000 | |
| 09:18:46,749 | 1200 | bind |
ip => 0.0.0.0 socket => 0x0000048c port => 0 |
SUCCESS | 0x00000000 | |
| 09:18:46,749 | 1200 | NtDeviceIoControlFile |
InputBuffer => FileHandle => 0x0000048c OutputBuffer => \x01\x00\x00\x00\x01\x00\x00\x00\x0e\x00\x02\x00\x04"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 09:18:46,749 | 1200 | connect |
socket => 0x0000048c |
FAILURE | 4294967295 | |
| 09:18:46,759 | 520 | select |
socket => 0x00000001 |
SUCCESS | 0x00000001 | |
| 09:18:46,759 | 520 | WSARecv |
socket => 0x000003b0 |
SUCCESS | 0x00000000 | |
| 09:18:46,759 | 1200 | send |
buffer => ! socket => 0x000003b0 |
SUCCESS | 0x00000001 | |
| 09:18:51,726 | 1908 | ExitThread |
ExitCode => 0 |
SUCCESS | 0x00000000 | |
| 09:18:53,098 | 520 | select |
socket => 0x00000002 |
SUCCESS | 0x00000001 | |
| 09:18:53,098 | 1852 | NtDeviceIoControlFile |
InputBuffer => \x00\x00\x00\x00B<oe\x8c\x04\x00\x00\x01\x00\x00\x00\x0e\x00\x02\x00\x00P\x17\x03
\xc8\x00\x00\x00\x00\x00\x00\x00\x00 FileHandle => 0x0000044c OutputBuffer => |
SUCCESS | 0x00000103 |